Sign the Certificate Request
The next step is to sign the certificate request.
To sign the certificate request:
1 Send the certificate.req file you generated to your certificate authority for signing.
If the request is successful, the certificate authority will send back an identity certificate that is digitally signed with the certificate authority's private key.
Note: The certificate authority should return a base-64 encoded identity certificate.
2 Open the identity certificate and verify that the Issued to field includes the DNS suffix you provided upon creating the certificate request.
3 Build a certification chain from your identity certificate to your trusted root certificate.
In order to do this, you will need to obtain all of the intermediate certificates, as well as your root certificate authority's self-signed certificate.
If you are using a well-known certificate authority, the intermediate certificates and the root certificate authority's self-signed certificate can be downloaded from your certificate authority website. If you are using your own internal certificate authority, contact the necessary entity to provide you with the required intermediate and self-signed certificate.
In the above example, the certificate was issued by "Go Daddy Secure Certification Authority" to "*.ctera.com". In order to build the certification chain, it is necessary to obtain a certificate issued to "Go Daddy Secure Certification Authority".
This certificate was issued by "Go Daddy Class 2 Certification Authority" to " Go Daddy Secure Certification Authority". In order to continue the certification chain, it is necessary to obtain a certificate issued to "Go Daddy Class 2 Certification Authority".
Since this last certificate is a self-signed certificate, it was issued to and by the same entity, the certification chain is complete.
