certs

Gratefully stolen from TLS Mastery. My apologies.

Create a csr and key

Assuming there is already a cnf file for this:

#openssl req -newkey rsa -config gitlab.cnf -out gitlab.csr -new -sha256 #creates a new key
openssl req -key KEYFILE.key -config CONFIG.cnf -out REQUEST.csr -new -sha256

Sign the csr

openssl ca -batch -config intermediateCA-openssl.cnf -extensions server_cert -notext -in gitlab.csr

format of the index.txt file

tab delimited

1. Certificate status (V = valid, R = revoked, E = expired)

2. Expiration date in YYMMDDHHMMSSZ format

3. Cert revocation date

4. serial number in hex

5. filename or unknown

6. Certificate distinguished name