OpenSSL as a CA without touching the certs/crl/index/etc environment

Question

I think I have the right OpenSSL command to sign a certificate but I\'ve gotten stuck and the tutorials I\'ve found use a different argument format (I\'m using OpenSSL 0.9.8o 01

Answer 1

Based on snow6oy's answer, here's what I did:

openssl x509 -req -CA CACert.pem -CAkey CAKey.pem -CAcreateserial -in YourCSR.csr -out YourCert.pem

A couple optional flags that may be useful:

• -days 1095
  (The default is 30 days)

• -sha256
  (RHEL 7 defaults to SHA-1)