I am creating a root and an intermediate CA with easy-rsa using the ./build-ca & ./build-inter commands consecutively. Now, I want my root CA to be offline and I want my certs/keys signed by the intermediate CA. I am generating the cert/key using keytool. When I am signing them using the root CA, it's working perfectly, but when I am signing them using the intermediate CA, I am getting the following error (after step no. 6 mentioned below): "keytool error: java.lang.Exception: Failed to establish chain from reply"
I am listing all the commands for creating the cert/key and signing them below.
1. keytool -importcert -alias clusterCA -file root_ca.crt/intermediate_ca.crt -keystore clustertruststore -storepass
2. keytool -genkeypair -alias node -keyalg RSA -keysize 2048 -keypass -keystore node.keystore -storepass -validity 365
3. keytool -keystore node.keystore -alias node -certreq -file node.cert -storepass -keypass
4. openssl x509 -req -CA root_ca.crt/intermediate_ca.crt -CAkey root_ca.key/intermediate_ca.key -in node.cert -out node.signed -days 365 -CAcreateserial
5. keytool -keystore node.keystore -storepass -alias clusterCA -import -file root_ca.crt/intermediate_ca.crt -noprompt
6. keytool -keystore node.keystore -storepass -alias node -import -file node.signed -keypass
7. keytool -importkeystore -srckeystore node.keystore -destkeystore node.p12 -deststoretype PKCS12
8. openssl pkcs12 -in node.p12 -nokeys -out node_cer.pem -passin pass:
9. openssl pkcs12 -in node.p12 -nodes -nocerts -out node_key.pem -passin pass:
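
keytool reports "Failed to establish chain from reply" when it cannot build a path from the imported certificate up to a self-signed certificate among the CA certificates it has been given. The script below is an added example, not part of the original question: it builds a throwaway root, intermediate and node certificate (all names and the temporary directory are constructed) and uses `openssl verify` to show that trusting only the intermediate leaves the chain incomplete, while root plus intermediate completes it.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> node).
# All subject names and file locations are made up for this demo.

make_demo_pki() {  # $1 = empty working directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ca.ext"
    for n in root_ca intermediate_ca node; do
        # Key plus CSR for each tier (unencrypted keys: demo only)
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Root: self-signed and marked as a CA
    openssl x509 -req -in "$d/root_ca.csr" -signkey "$d/root_ca.key" \
        -extfile "$d/ca.ext" -days 30 -out "$d/root_ca.crt" 2>/dev/null || return 1
    # Intermediate: signed by the root, also marked as a CA
    openssl x509 -req -in "$d/intermediate_ca.csr" -CA "$d/root_ca.crt" \
        -CAkey "$d/root_ca.key" -set_serial 2 -extfile "$d/ca.ext" -days 30 \
        -out "$d/intermediate_ca.crt" 2>/dev/null || return 1
    # Node: signed by the intermediate, like the question's openssl x509 -req command
    openssl x509 -req -in "$d/node.csr" -CA "$d/intermediate_ca.crt" \
        -CAkey "$d/intermediate_ca.key" -set_serial 3 -days 30 \
        -out "$d/node.signed" 2>/dev/null || return 1
}

# Only the intermediate is trusted: there is no path to a self-signed root.
verify_intermediate_only() {
    openssl verify -CAfile "$1/intermediate_ca.crt" "$1/node.signed" >/dev/null 2>&1
}

# Root is the trust anchor; the intermediate is supplied as a chain certificate.
verify_full_chain() {
    openssl verify -CAfile "$1/root_ca.crt" -untrusted "$1/intermediate_ca.crt" \
        "$1/node.signed" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" || exit 1
verify_intermediate_only "$demo_dir" \
    && echo "intermediate only: chain OK" \
    || echo "intermediate only: no chain to a self-signed root"
verify_full_chain "$demo_dir" \
    && echo "root + intermediate: chain OK" \
    || echo "root + intermediate: verification failed"
rm -rf "$demo_dir"
```

Running the same two `openssl verify` commands against real `root_ca.crt`, `intermediate_ca.crt` and `node.signed` files shows whether the CA certificates at hand form a complete chain before the reply is imported into the keystore.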