1. Create a root CA.
2. Create a sub CA, signed by the root CA.
3. Run command:
bin/ejbca.sh ca getcacert SubCA SubCA.crt -der
4. Check subject of the output certificate:
openssl x509 -noout -subject -inform der -in SubCA.crt
1. Subject DN of sub CA is shown.
1. Subject DN of root CA is shown.