Signature is a required part of certificate. You may instead create so-called self-signed certificate, signed by your own key.
Creating a Digital Certificate without signing it
-
31-05-2022 - |
Question
I have created a key-pair and now I want to bind my public key with an email id (create a digital certificate). I do not want to do the next step of signing the certificate.
Question: How can I create the digital certificate (hence bind the public key with the identity) and not really sign it for now ? (Using OpenSSL for the same would be fine).
My understanding:
- Digital certificate is just packaging the public key with an identity.
- Digital signature is a CA assuring/signing the certificate and embedding the signature in the certificate file
Or is my understanding all wrong ?
Solution
OTHER TIPS
if i got your question right, you want to prepare a certificate and stop the process before the actual signing by a CA would happen ...
the thing you are looking for is a so called certificate request ...
have a look at the "openssl req" command ... for examples see http://www.openssl.org/docs/apps/req.html (examples section shows generating a new request)