I don't have the CA signed certificate for local server: serv.org.com. Therefore, I follow the steps to create the self-signed certificate for IAM server.

openssl genrsa -des3 -out iamserver.key 4096

openssl req -new -key iamserver.key -out iamserver.csr -subj "/O=Org/CN=IAMAccessor" -sha256

openssl x509 -req -days 365 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAserial ca.seq

For the steps above are successful.

However, when I try to run the following steps with error.

"If you are using your self-created CA to sign your certificate, the following sample script demonstrates how to sign a server certificate with it."

openssl x509 -passin pass:passw0rd -req -days 365 -in iamserver.csr -CA ca.crt
-CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile
<(printf "[SAN]\nsubjectAltName=DNS:iamserver.com") -extensions SAN

I got an error message: System failed to found the specific files.

CodePudding user response：

You are passing an "-in iamserver.csr" but there does not appear to be a csr for iamserver in your dir listing.

CodePudding user response：

Please be careful, post responses to answers, don't try to edit them.

I'm just responding to the image that came in the original post.

In the first picture, you did not specify the correct path to iamserver.csr That file was in your iamserver directory, so it should look like "-in iamserver\iamserver.csr"

In the picture you responded with you were in iamserver directory, but all of your other ca files where in the directory above. So you need to fix the path to all of the inputs so that they match and point to something.