Create an Intermediate Certificate for Cloud Connector

To create an intermediate certificate for cloud connector:

  1. Create the following files from the command line:
    1. Linux OS
      • touch \certindex
      • echo 1000 > \certserial
      • echo 1000 > \crlnumber
    2. Windows OS
      • type nul > \certindex
      • echo 1000 > \certserial
      • echo 1000 > \crlnumber
  2. Create a CA configuration file:
    • Create a file with the following name: ca.conf.
    • Add this content to the file.
                        # vim ca.conf
                                  [ ca ]
                                  default_ca = myca
                                  [ crl_ext ]
                                  issuerAltName=issuer:copy
                                  authorityKeyIdentifier=keyid:always
                                  [ myca ]
                                  # Linux
                                  dir = ./
                                  # Windows - change this value to the working path for this guide
                                  # dir =C:\\OpenSSL-Win64\\bin\\
                                  new_certs_dir = $dir
                                  unique_subject = no
                                  certificate = $dir/HCC_CA.crt
                                  database = $dir/certindex
                                  private_key = $dir/HCC_CA.key
                                  serial = $dir/certserial
                                  default_days = 730
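                                  # Digest used to sign issued certificates. sha1 is deprecated for
                                  # certificate signatures; the CSR in step 3 is created with sha256.
                                  default_md = sha1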
                                  policy = myca_policy
                                  x509_extensions = myca_extensions
                                  crlnumber = $dir/crlnumber
                                  default_crl_days = 730
                                  [ myca_policy ]
                                  commonName = supplied
                                  stateOrProvinceName = supplied
                                  countryName = optional
                                  emailAddress = optional
                                  organizationName = supplied
                                  organizationalUnitName = optional
                                  [ myca_extensions ]
                                  basicConstraints = critical,CA:TRUE
                                  keyUsage = critical,any
                                  subjectKeyIdentifier = hash
                                  authorityKeyIdentifier = keyid:always,issuer
                                  keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
                                  extendedKeyUsage = serverAuth
                                  [ v3_ca ]
                                  basicConstraints = critical,CA:TRUE,pathlen:0
                                  keyUsage = critical,any
                                  subjectKeyIdentifier = hash
                                  authorityKeyIdentifier = keyid:always,issuer
                                  keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
                                  extendedKeyUsage = serverAuth
                              
      Note: Change the dir value in the configuration file to match your OS.
  3. Create intermediate Key and CSR:
    1. openssl genrsa -out \intermediate.key 2048
    2. openssl req -new -sha256 -key \intermediate.key -out \intermediate.csr
    3. Enter the certificate information at each prompt.
    4. openssl ca -batch -config \ca.conf -notext -in \intermediate.csr -out \intermediate.crt
  4. Convert Client Key to PKCS#12:
    1. This step merges the certificate and private key into a single file.
    2. openssl pkcs12 -export -clcerts -in \intermediate.crt -inkey \intermediate.key -out \intermediate.p12
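
Added example (not part of the original guide or the vendor's tooling): a shell check for the files this procedure produces. The function names and the script name are hypothetical. It flags a SHA-1 signature because `openssl ca` signs with the `default_md` from ca.conf, not with the `-sha256` given when the CSR was created.

```shell
#!/bin/sh
# Added example, not vendor code. Checks the files the steps above produce.
# Usage: sh check_intermediate.sh intermediate.crt intermediate.key HCC_CA.crt
# (the script name is hypothetical; the file names are the ones used on this page)

# check DESCRIPTION COMMAND...: run COMMAND quietly, print the verdict,
# and record any failure in $rc.
check() {
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then echo "ok    $desc"; else echo "FAIL  $desc"; rc=1; fi
}

# True when the decoded certificate text contains the given string.
has() { printf '%s\n' "$text" | grep -q "$1"; }

# True unless the certificate is signed with SHA-1 or MD5. `openssl ca` takes the
# digest from default_md in ca.conf (or -md), not from the -sha256 used for the CSR.
strong_digest() {
    sigalg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $(printf '%s' "$sigalg" | tr 'A-Z' 'a-z') in
        *sha1*|*md5*) return 1 ;;
    esac
}

# True when the private key and the certificate carry the same public key,
# which step 4 relies on when it merges the two into intermediate.p12.
key_matches() {
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ]
}

# Returns 0 when every check passes and 1 otherwise.
check_intermediate() {
    cert=$1; key=$2; ca=$3; rc=0
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL  cannot parse $cert"; return 1; }
    check "signature verifies against $ca" openssl verify -CAfile "$ca" "$cert"
    check "basicConstraints marks it as a CA" has 'CA:TRUE'
    check "keyUsage allows certificate signing" has 'Certificate Sign'
    check "signature digest is not SHA-1 or MD5" strong_digest
    check "private key matches the certificate" key_matches
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_intermediate "$@"; fi
```

With the ca.conf shown in step 2 unchanged, the digest check reports FAIL; passing `-md sha256` to `openssl ca` or setting `default_md = sha256` makes it pass.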