sestdiena, 2013. gada 28. decembris

Generate csr file for ssl certificate

I used OpenSSL to generate ssl file. I had only windows machines and certificate was requested by third party.
First you need newest OpenSSL and C++ Distributable
Second I was searching were the heck is that openssl file, by default it appears in C:\OpenSSL-Win32\bin directory.

Third you need right sintax. Here it is
c:\OpenSSL-Win32\bin>openssl req -new -nodes -keyout yourkeyname.key -out yourcertname.csr -newkey rsa:2048
Where yourkeyname.key is random name, that file is secret private key, dont give it away, it goes to web host yourcertname is name of csr file, name it as you wish just don't replace your previous files. Here is output: Notice rsa:2048 is used. It is used in common web servers.
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
writing new private key to 'yourkeyname.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LV
State or Province Name (full name) [Some-State]:Yourregion
Locality Name (eg, city) []:Yourcity
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Yourcompanyname
Organizational Unit Name (eg, section) []:departmentname
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com
Email Address []:yourmail@yourdomain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:yourpassword
An optional company name []:yourcompanyname
Where "your" atributes is entered by you.  :). Notice yourdomain.com will be certified domain name, if you wish prefix  www then you must enter www.yourdomain.com  You can check csr file constinency by online tools  or by OpenSSL but better use online tools. Here are output of csr check.
c:\OpenSSL-Win32\bin>openssl req -noout -text -in yourcertname.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=YC, ST=Yourregion, L=Yourcity, O=Yourcompanyname, OU=departmentname, CN
=yourdomain.com/emailAddress=yourmail@yourdomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e3:79:a8:7f:aa:72:0b:8b:8d:f7:2a:4c:3a:f0:
                    f2:7d:55:95:2e:01:0b:c3:5d:76:b5:75:a0:0d:67:
Notice- that email will be seen in your certificate.

Autors: plkst.
Etiķetes: , ,

Nav komentāru:

Ierakstīt komentāru

Abonēt: Ziņas komentāri (Atom)