Although the
CA.pl creates RSA CAs and requests it is still possible to use it with DSA certificates and requests using the openssl_req(1) command directly. The following example shows the steps that would typically be taken.Create some DSA parameters:
openssl dsaparam -out dsap.pem 1024
Create a DSA CA certificate and private key:
openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
Create the CA directories and files:
CA.pl -newca
enter cacert.pem when prompted for the CA file name.
Create a DSA certificate request and private key (a different set of parameters can optionally be created first):
openssl req -out newreq.pem -newkey dsa:dsap.pem
Sign the request:
CA.pl -signreq