<div dir="ltr">

<p class="gmail-s570a4-10 gmail-iEJDri" style="margin:0px;padding:0px 0px 0.25em;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-size:14px;line-height:inherit;font-family:'Noto Sans',sans-serif;vertical-align:baseline;color:rgb(28,28,28);text-decoration-style:initial;text-decoration-color:initial">I started the process of creating a chain of certificates from the root CA down to a leaf certificate using openssl running on a Debian VM. I successfully created and verified the root cert, intermediate cert and chain file. The issue I am having now is that when I go to create a leaf cert to be used by the server, it will not work for me. After generating the key and the CSR, I use this command: "<span> </span><strong class="gmail-s570a4-14 gmail-kYTLgH" style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:700;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline">openssl</strong><span> </span>ca -config path/to/config/folder/openssl.cnf -extensions server_cert -days 375 -notext -md sha256 -in path/to/CSR/folder/www.testcert.com.csr.pem -out path/to/output/cert/folder/www.testcert.com.cert.pem".</p>
<p class="gmail-s570a4-10 gmail-iEJDri" style="margin:0px;padding:0.25em 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-size:14px;line-height:inherit;font-family:'Noto Sans',sans-serif;vertical-align:baseline;color:rgb(28,28,28);text-decoration-style:initial;text-decoration-color:initial">After running this command I get the output "using configuration from path/to/config/folder/openssl.cnf".</p>
<p class="gmail-s570a4-10 gmail-iEJDri" style="margin:0px;padding:0.25em 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-size:14px;line-height:inherit;font-family:'Noto Sans',sans-serif;vertical-align:baseline;color:rgb(28,28,28);text-decoration-style:initial;text-decoration-color:initial">When I check the folder I told openssl to place the newly created cert in, it is not there. I have tried changing to a different output folder for the new cert but I get the same result. Any idea what is going on?</p>
<p class="gmail-s570a4-10 gmail-iEJDri" style="margin:0px;padding:0.25em 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-size:14px;line-height:inherit;font-family:'Noto Sans',sans-serif;vertical-align:baseline;color:rgb(28,28,28);text-decoration-style:initial;text-decoration-color:initial"><br></p>
<p class="gmail-s570a4-10 gmail-iEJDri" style="margin:0px;padding:0.25em 0px 0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-size:14px;line-height:inherit;font-family:'Noto Sans',sans-serif;vertical-align:baseline;color:rgb(28,28,28);text-decoration-style:initial;text-decoration-color:initial">The guide I have been using up until this point is at: <a href="https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html">https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html</a></p>

<br></div>