Creating Self-signed Certificate Chain with openssl


I am trying to create a self-signed certificate chain for simulations, but when I try to import the server's certificate it looks like it's not part of the chain.

Here is what I did:

Creating a Private key:

openssl genrsa -out RootCA.key 4096

Creating a new certificate and signing it with the previous private key:

openssl req -new -x509 -days 1826 -key RootCA.key -out RootCA.crt

Create a new Private key for Intermediate:

openssl genrsa -out IntermediateCA.key 4096

Create a Certificate Signing Request for the Intermediate's certificate:

openssl req -new -key IntermediateCA.key -out IntermediateCA.csr

Create a certificate from the CSR and sign it with the private key of the Root CA:

openssl x509 -req -days 1000 -in IntermediateCA.csr -CA RootCA.crt -CAkey RootCA.key -CAcreateserial -out IntermediateCA.crt

Add the new certificate of the Root CA to the trusted host of your operating system:

cp *.crt /usr/local/share/ca-certificates/

update-ca-certificates

Create a new private key for a server:

openssl genrsa -out server.key 4096

Create a new Certificate Signing Request for the server's certificate:

Note: this common name field on the request must match the FQDN of the server.

openssl req -new -key server.key -out server.csr

Create a certificate from the CSR and sign it with the private key of the Intermediate CA:

openssl x509 -req -in server.csr -CA IntermediateCA.crt -CAkey IntermediateCA.key -set_serial 0101 -out server.crt -days 500 -sha1

But it looks like isolated certificates:

Commands-Results

And I would like to simulate this:

Expected-Results

OpenSSL Print:

% openssl x509 -text -in server.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 101 (0x65)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IL, O=new, CN=yoyo
        Validity
            Not Before: Dec 15 08:49:53 2022 GMT
            Not After : Apr 28 08:49:53 2024 GMT
        Subject: C=IL, O=new, CN=server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption


There are 0 answers
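An added example, not part of the original post: the `Version: 1 (0x0)` line in the printout means the certificate carries no X.509v3 extensions, and path validation only accepts an issuer that is marked as a CA (`basicConstraints CA:TRUE`). The script below builds the same three-level chain with those extensions supplied through `-extfile`, then checks it with `openssl verify`; the subjects, the `server.example.test` name, the `ca.cnf` file and the 2048-bit keys are assumptions chosen for a quick local run.

```shell
#!/usr/bin/env bash
# Added example, not the poster's commands. Subjects, server.example.test and
# 2048-bit keys are assumptions chosen so the script runs quickly in a scratch dir.
set -eu

build_chain() {   # $1 = output directory
  o="$1"; mkdir -p "$o"
  # Minimal req config plus the extension sets applied when each cert is signed.
  cat > "$o/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ v3_intermediate ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1826 -config "$o/ca.cnf" \
    -extensions v3_root -subj "/C=IL/O=new/CN=Example Root CA" \
    -keyout "$o/RootCA.key" -out "$o/RootCA.crt"
  for name in IntermediateCA server; do   # keys and CSRs for the two lower levels
    openssl req -new -newkey rsa:2048 -nodes -config "$o/ca.cnf" \
      -subj "/C=IL/O=new/CN=$name.example.test" \
      -keyout "$o/$name.key" -out "$o/$name.csr"
  done
  openssl x509 -req -sha256 -days 1000 -in "$o/IntermediateCA.csr" \
    -CA "$o/RootCA.crt" -CAkey "$o/RootCA.key" -CAcreateserial \
    -extfile "$o/ca.cnf" -extensions v3_intermediate -out "$o/IntermediateCA.crt"
  openssl x509 -req -sha256 -days 500 -in "$o/server.csr" \
    -CA "$o/IntermediateCA.crt" -CAkey "$o/IntermediateCA.key" -CAcreateserial \
    -extfile "$o/ca.cnf" -extensions v3_server -out "$o/server.crt"
}

# True when the certificate in $1 is marked as a CA.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

verify_chain() {  # validates server -> intermediate -> root, trusting only the root
  openssl verify -CAfile "$1/RootCA.crt" -untrusted "$1/IntermediateCA.crt" "$1/server.crt"
}

demo=$(mktemp -d)
build_chain "$demo" 2>/dev/null
verify_chain "$demo"
```

Only `RootCA.crt` needs to go into the system trust store; the server should present `server.crt` followed by `IntermediateCA.crt` so clients can build the path.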