Hi, Google has let me down on this one. I am sure there is a tutorial in place somewhere for this. I just can't seem to find it.
I have the following in place: 1. Certificate Signing Request from a device. 2. Root CA I generated via these openssl commands: openssl ecparam -out ec_param.pem -name secp384r1 openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/ec_cakey.pem -out ec_cacert.pem -newkey ec:ec_param.pem -config openssl.cnf I am able to sign my CSR with this Root CA and everything works fine. The device can install the certificate and a peer device using the root CA can verify it as part of a TLS exchange. So the CSR is good and the root CA is good. What I would like to be able to do is the following: 1. Sign Root CA with intermediate CA; again with secp384r1 2. Sign my device Certificate with that Intermediate CA. Every attempt I have made has ended when I tried to sign my device CSR with the intermediate CA. Always get errors about not being able to load private keys at that point. I also need to be able to do this with a depth of 3; (RootCA + CA1 + CA2). Thanks Stan
