$ /bin/mkdir -v /var/tmp/mica
/bin/mkdir: se ha creado el directorio `/var/tmp/mica'

$ cd /var/tmp/mica
$ /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
[Enter]
Making CA certificate ...
Generating a 1024 bit RSA private key
....................+++
...................................+++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: [Clave ca] 
Verifying - Enter PEM pass phrase: [Clave ca]
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PT
State or Province Name (full name) [Some-State]:Braganca
Locality Name (eg, city) []:Braganca
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Companhia GSR
Organizational Unit Name (eg, section) []:Unidade de certificados
Common Name (eg, YOUR name) []:gsr.pt
Email Address []:[Enter]

$ /usr/bin/openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
Generating a 1024 bit RSA private key
...++++++
...........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PT
State or Province Name (full name) [Some-State]:Braganca
Locality Name (eg, city) []:Braganca
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SubGSR
Organizational Unit Name (eg, section) []:Controle de acesso
Common Name (eg, YOUR name) []:gsr.pt
Email Address []:sergio@gsr.pt


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:[Clave] 
An optional company name []:.[Enter]

$ /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:[Clave ca]
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Sep 23 16:16:11 2004 GMT
            Not After : Sep 23 16:16:11 2005 GMT
        Subject:
            countryName               = PT
            stateOrProvinceName       = Braganca
            localityName              = Braganca
            organizationName          = SubGSR
            organizationalUnitName    = Controle de acesso
            commonName                = gsr.pt
            emailAddress              = sergio@gsr.pt
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                8C:66:2C:3E:0F:63:2F:53:29:FA:28:EA:7F:59:A4:16:4C:DF:7C:6C
            X509v3 Authority Key Identifier:
                keyid:F1:34:77:80:A4:34:4B:71:C8:BF:81:6C:DF:0C:98:D3:62:B7:10:BE
                DirName:/C=PT/ST=Braganca/L=Braganca/O=Companhia GSR/OU=Unidade de\
                                                             certificados/CN=gsr.pt
                serial:00

Certificate is to be certified until Sep 23 16:16:11 2005 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=PT, ST=Braganca, L=Braganca, O=Companhia GSR, OU=Unidade de certificados,\
                                                                                   CN=gsr.pt
        Validity
            Not Before: Sep 23 16:16:11 2004 GMT
            Not After : Sep 23 16:16:11 2005 GMT
        Subject: C=PT, ST=Braganca, L=Braganca, O=SubGSR, OU=Controle de acesso, \
                                                        CN=gsr.pt/emailAddress=sergio@gsr.pt
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ab:bc:62:aa:75:ad:76:6d:05:e6:be:c2:b7:b7:
                    1f:28:3a:b9:ed:0b:b2:11:6a:9d:27:7b:06:69:89:
                    3a:13:3d:29:85:0d:02:87:b7:ac:cf:46:b0:01:3a:
                    30:c6:2e:25:13:af:6f:35:b6:d0:2c:ae:fb:42:24:
                    77:f3:c7:e1:a6:cb:00:35:ca:03:be:b1:d8:dd:22:
                    de:d6:bc:e2:94:d4:1a:ae:47:83:95:0c:a2:ae:1f:
                    c3:d3:f4:1d:7e:cd:cc:9c:48:28:63:35:5c:af:7b:
                    c9:bf:f8:f7:de:2b:09:61:c6:40:30:76:e3:9f:51:
                    28:d0:61:b2:18:9a:d9:8a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                8C:66:2C:3E:0F:63:2F:53:29:FA:28:EA:7F:59:A4:16:4C:DF:7C:6C
            X509v3 Authority Key Identifier:
                keyid:F1:34:77:80:A4:34:4B:71:C8:BF:81:6C:DF:0C:98:D3:62:B7:10:BE
                DirName:/C=PT/ST=Braganca/L=Braganca/O=Companhia GSR/OU=Unidade de \
                                                                    certificados/CN=gsr.pt
                serial:00

    Signature Algorithm: md5WithRSAEncryption
        27:43:54:46:14:dd:f5:2d:64:40:b4:dd:62:b4:79:d6:93:32:
        d4:56:0d:a7:80:60:6a:93:1a:c2:02:e3:f8:33:d9:4d:32:c7:
        0b:34:29:01:72:98:1a:aa:c6:34:78:50:11:0d:92:ab:31:ba:
        9b:3f:27:39:1a:19:8b:a0:2c:d7:ca:56:04:69:c4:ae:cc:e5:
        dc:fa:ce:da:11:a9:25:0c:db:d6:8c:60:b1:86:9a:02:06:c5:
        c4:da:8f:8e:a6:4d:84:06:3d:e1:ce:3e:d9:fa:d4:5b:d5:44:
        36:4f:48:88:d0:ab:ec:03:e5:a7:4f:92:e8:8e:db:aa:89:7e:
        02:e4
-----BEGIN CERTIFICATE-----
MIIDkDCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB+MQswCQYDVQQGEwJQVDER
MA8GA1UECBMIQnJhZ2FuY2ExETAPBgNVBAcTCEJyYWdhbmNhMRYwFAYDVQQKEw1D
b21wYW5oaWEgR1NSMSAwHgYDVQQLExdVbmlkYWRlIGRlIGNlcnRpZmljYWRvczEP
MA0GA1UEAxMGZ3NyLnB0MB4XDTA0MDkyMzE2MTYxMVoXDTA1MDkyMzE2MTYxMVow
gZAxCzAJBgNVBAYTAlBUMREwDwYDVQQIEwhCcmFnYW5jYTERMA8GA1UEBxMIQnJh
Z2FuY2ExDzANBgNVBAoTBlN1YkdTUjEbMBkGA1UECxMSQ29udHJvbGUgZGUgYWNl
c3NvMQ8wDQYDVQQDEwZnc3IucHQxHDAaBgkqhkiG9w0BCQEWDXNlcmdpb0Bnc3Iu
cHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKu8Yqp1rXZtBea+wre3Hyg6
ue0LshFqnSd7BmmJOhM9KYUNAoe3rM9GsAE6MMYuJROvbzW20Cyu+0Ikd/PH4abL
ADXKA76x2N0i3ta84pTUGq5Hg5UMoq4fw9P0HX7NzJxIKGM1XK97yb/4994rCWHG
QDB2459RKNBhshia2YpTAgMBAAGjggEJMIIBBTAJBgNVHRMEAjAAMCwGCWCGSAGG
+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
jGYsPg9jL1Mp+ijqf1mkFkzffGwwgaoGA1UdIwSBojCBn4AU8TR3gKQ0S3HIv4Fs
3wyY02K3EL6hgYOkgYAwfjELMAkGA1UEBhMCUFQxETAPBgNVBAgTCEJyYWdhbmNh
MREwDwYDVQQHEwhCcmFnYW5jYTEWMBQGA1UEChMNQ29tcGFuaGlhIEdTUjEgMB4G
A1UECxMXVW5pZGFkZSBkZSBjZXJ0aWZpY2Fkb3MxDzANBgNVBAMTBmdzci5wdIIB
ADANBgkqhkiG9w0BAQQFAAOBgQAnQ1RGFN31LWRAtN1itHnWkzLUVg2ngGBqkxrC
AuP4M9lNMscLNCkBcpgaqsY0eFARDZKrMbqbPyc5GhmLoCzXylYEacSuzOXc+s7a
EaklDNvWjGCxhpoCBsXE2o+Opk2EBj3hzj7Z+tRb1UQ2T0iI0KvsA+WnT5Lojtuq
iX4C5A==
-----END CERTIFICATE-----
Signed certificate is in newcert.pem

# /usr/bin/tree /etc/ldap/ssl
/etc/ldap/ssl
|-- cacert.pem
|-- certs
|   `-- servidorcert.pem 
|-- crl
|-- index.txt
|-- newcerts
|   `-- 01.pem
|-- private
|   |-- cakey.pem
|   `-- servidorkey.pem 
`-- serial

4 directories, 7 files