I do have private key(my_ca.key) and public key(my_cert.crt) which is signed by DigiCert. Now I want to create RA(Registration Authority) and sign it by my private key . Here is the way I tried to do that. But when I try to export private and public key as pkcs12 file I have been getting error like this unable to get local issuer certificate getting chain. No idea how to solve this. Here my_cert.crt is extended from DigiCert High Assurance CA-3 and that one extended from DigiCert High Assurance EV Root CA
SSL_SUBJ="/C=LK/ST=Colombo/L=Colombo/O=Nope/OU=mobile/CN=My root"
openssl genrsa -out ra.key 4096
openssl req -new -key ra.key -out ra.csr -subj "$SSL_SUBJ"
openssl x509 -req -days 365 -in ra.csr -CA my_cert.pem -CAkey my_ca.pem - set_serial 76964474 -out ra.crt
openssl rsa -in ra.key -text > ra_private.pem
openssl x509 -in ra.crt -out ra_cert.pem
openssl pkcs12 -export -out ca.p12 -inkey my_ca.pem -in my_cert.pem -name "cacert" -passout pass:password
openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem - chain -CAfile my_cert.pem -name "racert" -passout pass:password
