Next: On-card Certificate, Previous: Signing the CSR, Up: Certificate Preparation
Once the CSR has been signed, you should end up with a certificate file floppy-head.crt, which you then have to import into GPGSM. It is also recommended that you import the root certificate of the CA first in the same fashion.
$ gpgsm --import floppy-head.crt gpgsm: certificate imported gpgsm: total number processed: 1 gpgsm: imported: 1
gpgsm tells you that it has imported the certificate. It is now associated with the key you used when creating the request. To see the content of your certificate, you may now enter:
$ gpgsm -K Floppy /home/foo/.gnupg/pubring.kbx --------------------------- Serial number: 10 Issuer: /CN=Snake Oil CA/OU=Certificate Authority/O=Snake Oil, Ltd/L=Snake Town/ST=Snake Desert/C=XY/EMail=ca@snakeoil.dom Subject: /CN=Floppy Head/OU=Webserver Team/O=Snake Oil, Ltd/ST=Snake Desert/C=XY validity: 2006-11-11 14:09:12 through 2007-11-11 14:09:12 key type: 1024 bit RSA fingerprint: EC:93:A2:55:C6:58:7F:C9:9E:96:DB:12:6E:64:99:54:BB:E1:94:68
The option “-K
” is used above because this will only list
certificates for which a private key is available. To see more details,
you may use “--dump-secret-keys
” instead of “-K
”.