Lab 2 - Certificates/README.md

@@ -180,7 +180,6 @@ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
 ```
 
 ## Create Certificate Chain
-### Preparation
 ```sh
 mkdir -p /root/intermediate
 echo 1000 > /root/intermediate/serial
@@ -264,33 +263,14 @@ authorityKeyIdentifier = keyid,issuer                       # Authority key iden
 openssl genrsa -out /root/intermediate/intermediate.key.pem 4096
 ```
 
-### Requesting an Intermediate Certificate
+Requesting and signing intermediate certificate:
-Be sure to specify a fantasy domain name as "Common Name" while generating the request.
 
 ```sh
 cd /root/intermediate
 
 # Create Request
 openssl req -new -newkey rsa:2048 -nodes -key intermediate.key.pem -out intermediate.req
-```
 
-### Signing the Intermediate Certificate
+# Sign Certificate
-```sh
-openssl ca -config /root/ca/openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate.req -out intermediate.cer
-```
-
-You might notice, that - probably due to an error in the lab's paper - signing the certificate is not working.
-
-This is caused by the `policy_strict` policy which requires the country, city and company of certificate requests to equal with the corresponding fields of the CA's certificate.
-
-Change the CA's `policy` configuration to `policy_loose` in order to address the issue:
-
-```sh
-sed -i 's/^\(policy *= policy_\)strict/\1loose/' /root/ca/openssl.cnf
-```
-
-After that, signing works properly:
-
-```sh
 openssl ca -config /root/ca/openssl.cnf -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -in intermediate.req -out intermediate.cer
 ```