5.4.3 Creating a certificate file for SSL communication
By using the certutil reqgen command, create a CSR (certificate signing request).
- Organization of this subsection
(1) File path
installation-folder#\uCPSB\httpsd\sbin\certutil
#: In Linux, change installation-folder to /opt/jp1dh/server.
(2) Format
certutil reqgen [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}] -key key-file -out CSR-file
(3) Operands
-
[-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}]
Specify the signature algorithm used for creating a CSR. If you omit this operand, the underlined signature algorithm is used.
MD5: Use md5WithRSAEncryption.
SHA1: Use sha1WithRSAEncryption.
SHA224: Use sha224WithRSAEncryption.
SHA256: Use sha256WithRSAEncryption.
SHA384: Use sha384WithRSAEncryption.
SHA512: Use sha512WithRSAEncryption.
-
-key key-file
Specify the name of the secret key file created in 5.4.1 Creating a secret key file for SSL communication.
-
-out CSR-file
Specify the file to which the created CSR is output.
Enter values for the required items interactively.
C(Country Name) : 2-character-country-code (JP for Japan) S(State or Province Name) : state-or-province-name L(Locality Name) : city-or-area-name O(Organization Name) : organization-name OU(Organization Unit Name) : organization-unit-name CN(Common Name) : FQDN-of-the-server-host EA(Email Address) : email-address
Example:
C(Country Name) : JP S(State or Province Name) : Tokyo L(Locality Name) : Shinagawa-ku O(Organization Name) : Hitachi, Ltd. OU(Organization Unit Name) : Software Development CN(Common Name) : jp1dhserver.foo1.foo2.co.jp EA(Email Address) : jp1dh-system@foo1.foo2.co.jp
(4) Obtaining a certificate file
Send a CSR to the CA (Certificate Authority) to obtain a signed certificate file in PEM (Privacy Enhanced Mail) format.