Task $3$: Generating a Certificate for your server

The CSR file needs to have the CA$$s signature to form a certificate. In the real world, the CSR

files are usually sent to a trusted CA for their signature. In this lab, we will use our own trusted

CA to generate certificates. The following command turns the certificate signing request

$($server$.$csr$)$ into an X$509$ certificate $($server$.$crt$),$ using the CA$$s ca$.$crt and

ca$.$key:

openssl ca $-$config myCA$\_$openssl.cnf $-$policy policy$\_$anything $\backslash$

$-$md sha$256-$days $3650\backslash$

$-$in server.csr $-$out server.crt $-$batch $\backslash$

$-$cert ca$.$crt $-$keyfile ca$.$key

In the above command, myCA openssl.cnf is the configuration file we copied from

$/$usr$/$lib$/$ ssl$/$openssl$.$cnf $($we also made changes to this file in Task $1).$ We use

the policy anything policy defined in the configuration file. This is not the default policy;

the default policy has more restriction, requiring some of the subject information in the request

to match those in the CA$$s certificate. The policy used in the command, as indicated by its

name, does not enforce any matching rule.

Copy the extension field. For security reasons, the default setting in openssl.cnf does not

allow the "openssl ca$"$ command to copy the extension field from the request to the final

certificate. To enable that, we can go to our copy of the configuration file, uncomment the

following line:

# Extension copying option: use with caution.

copy$\_$extensions $=$ copy

After signing the certificate, please use the following command to print out the decoded

content of the certificate, and check whether the alternative names are included.

openssl x$509-$in server.crt $-$text $-$noout

Submission:

You need to submit a detailed lab report, with screenshots, to describe what you have done

and what you have observed. You also need to provide explanation to the observations that

are interesting or surprising. Please also list the important code snippets followed by

explanation. Simply attaching code without any explanation will not receive credits.