Signing someone else's certificate signing request is the
function of a certificate authority. When you send a signed certificate
back, it can be used to start the server with the passphrase they
have. Embedded in the certificate is your public key. It must match
the public key you distribute to clients using your server.
To sign a certificate signing request, perform the following
steps. The certificate is signed after you respond to the last question.
Enter the required information to sign a certificate.
The inception time of a certificate is based on UTC (Coordinated
Universal Time). Verify with your system administrator that your
computer's UTC is set correctly.
CA Certificate File specification Use OpenVMS syntax (defaults to SSL$CRT:SERVER_CA.CRT).
CA Certificate Key File specification Use OpenVMS syntax (defaults to SSL$KEY:SERVER_CA.KEY).
Certificate Request File Use OpenVMS syntax (defaults to SSL$CRT:SERVER.CSR).
Signed Request File specification Use OpenVMS syntax (defaults to SSL$CRT:SIGNED.CRT).
Default Days The default number of days until the signed certificate expires.
PEM Passphrase This is a verification field only. You must use the same passphrase
you used to create the certificate authority (option 5).
View the details of the signed certificate (if you
chose to display the certificate):
Version (SSL 3.0 protocol)
Serial number (Certificates issued by a CA have
a serial number that is unique to the certificates issued by that
CA.)
HP Open Source Security for OpenVMS Volume 2:... 
Using the Certificate Tool
