Use externally generated CA cert to sign CSR's in OpenSSL

Question

I wondering if it is at all possible to use an externally generated root CA ( and by external I mean an internal root CA that was created using another tool) and use it with OpenSSL to sign a CSR?

The guides I'm reading around creating my own certificate authority detail creating the private key and root ca certificate using OpenSSL itself, and then using this to sign CSRs.

What I want to know is, can I use and existing Root CA from another tool( providing I export the private key) and use this to sign a CSR ,also created from a different tool and not OpenSSL?

Any info and commands would be awesome as I'm new to this.

score 2 · Accepted Answer · answered May 26 '16 at 00:01

Yes, you can. You just need to have the private key in the proper format to be used by openssl.

Not knowing in which format you exported, it's impossible to provide commands, but -supposing it can't sign directly with it- openssl x509 may be able to convert the file.

Use externally generated CA cert to sign CSR's in OpenSSL

1 Answers1