Sign the certificate signing request

For each node, sign the certificate signing request.

For each node, sign the certificate signing request. If you created a bring your own (BYO) root CA, follow the instructions below. Alternatively, send the certificate signing request to a well-known CA for signing.

Procedure

  1. Sign each node certificate:
    openssl x509 -req -CA '../ca/rootCa.crt' \
    -CAkey '../ca/rootCa.key' \
    -in node0.csr \
    -out node0.crt_signed \
    -days 365 \
    -CAcreateserial \
    -passin pass:myPass
    A signed certificate file is created.
  2. Verify the BYO certificate file was properly signed:
    openssl verify -CAfile '../ca/rootCa.crt' node0.crt_signed
    node0.crt_signed: OK