jpcwtool https create certreq
Format
jpcwtool https create certreq -f certificate-signing-request-(CSR)-output-file [-d private-key-file-output-directory] [-des|-des3] [-bits {2048|4096}] [-sign {SHA256|SHA384|SHA512}] [-noquery]
Function
The command jpcwtool https create certreq creates a certificate signing request (CSR) file for obtaining a server certificate, a private key file, and a private key password file. The information to be set is entered interactively.
Use the files created by this command to configure encrypted communication between the Web browser and the monitoring console server. For details about how to configure these settings, see the description about changing the settings for encrypted communication between a Web browser and the monitoring console server in the JP1/Performance Management Planning and Configuration Guide.
Hosts that can execute the command
PFM - Web Console
Execution permission
- In Windows: User with Administrators permissions
- In UNIX: User with root user permissions
Installation directory
- In Windows: installation-folder\tools\
- In UNIX: /opt/jp1pcwebcon/tools/
Arguments
-f certificate-signing-request-(CSR)-output-file
Specify the name of the certificate signing request (CSR) file for obtaining a server certificate, excluding the file extension, in certificate-signing-request-(CSR)-output-file. The maximum length is 251 bytes. For details about how to specify the file path, see Specifying files and directories.
The specified file certificate-signing-request-(CSR)-output-file.csr will be created.
-d private-key-file-output-directory
Specify the directory to which the private key file is to be output in private-key-file-output-directory. The maximum length is 234 bytes. For details about how to specify the directory, see Specifying files and directories.
If you omit this option, the file will be output to the folder for storing encrypted communication files.
If the option -des or -des3 is specified, a private key password file will also be output to the same directory.
The names of the files that will be output are as follows:
- Private key file: jpcwhttpskey.pem
- Private key password file: jpcwhttpskeypass.dat
-des|-des3
Specifies the type of encryption of the private key file when you set a password for the private key. When you specify the option -des, DES (Data Encryption Standard) encryption is used. When you specify the option -des3, triple DES encryption is used.
When this option is specified, the user will be prompted to enter the password of the private key four times during the execution of this command.
If this option is omitted, no password is set for the private key.
-bits {2048|4096}
Specifies the bit length of the private key to be created.
If this option is omitted, 2048 is assumed.
-sign {SHA256|SHA384|SHA512}
Specifies the signature algorithm to use when creating the certificate signing request file.
The algorithms corresponding to each input value are as follows:
- SHA256: sha256WithRSAEncryption
- SHA384: sha384WithRSAEncryption
- SHA512: sha512WithRSAEncryption
If this option is omitted, SHA256 is assumed.
Depending on the certificate authority that issues the server certificate, at the time the certificate signing request is made, the signature algorithm might have already been determined, or the server certificate might be issued using a signature algorithm selected at the time of the request.
In these cases, the setting value specified here is ignored.
-noquery
When this option is specified, query messages that interrupt execution of the command are no longer output, and no response from the user is required. Specify this option if you want to execute the command non-interactively.
If an output destination file specified with the option -f or -d already exists, it will be overwritten.
If this option is omitted, a message is displayed to confirm whether to overwrite the file.
Specifying files and directories
- Absolute or relative paths can be specified. A relative path is interpreted relative to the current directory at the time the command is executed.
- Be careful not to exceed the maximum number of characters for the particular path you are specifying. If you specify a relative path, make sure it will not exceed the maximum number of characters when converted to an absolute path.
- You can use single-byte alphanumeric characters, as well as the following symbols:
  - # $ ( ) . / : @ [ ] _ { } + = single-byte space
  A path that includes an opening or closing parenthesis (( or )), an equals sign (=), or a single-byte space must be enclosed in double quotation marks (").
  The \ character can be used only as a path separator.
Information to be entered during execution of the command
During execution of the command, the user is prompted to enter the following information:
- The information to be set in the certificate signing request file
- The password for the private key (only if the option -des or -des3 is specified)
The items that the user is prompted to enter are as follows.
No. | Input field | Description | Required/optional#1 |
---|---|---|---|
1 | Country Name (2 letter code) | Country code (uppercase two-letter ISO abbreviation indicating the country) | Required |
2 | State or Province Name (full name) | Name of a state or province | Optional |
3 | Locality Name (eg,city) | Name of a city or other locality | Optional |
4 | Organization Name (eg, company) | Name of a company or other organization | Optional |
5 | Organizational Unit Name (eg, section) | Name of a section or other organizational unit | Optional |
6 | Common Name (eg, YOUR name) | Name of the PFM - Web Console host, or the logical host name in the case of a cluster system#2 | Required |
7 | Email Address#3 | Email address | Optional |
8 | A challenge password#3 | Password necessary to ask the certificate authority to discard or disable a certificate#4 | Optional |
9 | An optional company name#3 | Name that is specified when an organization name different from the one specified in Organization Name in No. 4 is assigned#4 | Optional |
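
No. | Input field | Contents | Required/optional |
---|---|---|---|
1 | Enter pass phrase for file-path-of-private-key | This is the password for the private key. You will be prompted to enter the password four times. Enter the same password each time. | Required |
2 | Verifying - Enter pass phrase for file-path-of-private-key | This is the password for the private key. You will be prompted to enter the password four times. Enter the same password each time. | Required |
3 | Enter PEM passphrase | This is the password for the private key. You will be prompted to enter the password four times. Enter the same password each time. | Required |
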
The rules for specifying the input fields are as follows:
- You can enter up to 255 characters for each input field, but the total number of characters in all the input fields in the certificate signing request file cannot exceed 485 characters. Note that this limit on the total number of characters includes the backslash escape character (\), which is automatically prefixed to the characters comma (,), plus sign (+), and equals sign (=) in the file that is output.
- The password for the private key must be at least four characters long and must not exceed 64 characters.
- Use single-byte alphanumeric characters. Uppercase and lowercase letters are treated as different. The @ character is permitted only in the email address and the private key password, but the following symbols are permitted in all input fields:
  ' - ( ) , . / : ? + = single-byte space
  If you enter only periods (.) in the input field, nothing will be displayed for that field.
Notes
- When you answer y or Y when prompted to overwrite the file, or the -noquery option is specified, the file to be overwritten will be deleted even if the attempt to output the new file fails.
- This command cannot be executed concurrently with the command jpcwtool https on the same host.
- Private key files and private key password files created in Windows cannot be used in UNIX. Similarly, files created in UNIX cannot be used in Windows.
Return values
Return value | Description |
---|---|
0 | The command terminated normally. |
1 | An argument specification is invalid. |
2 | The user does not have execution permission for the command. |
3 | A file or directory cannot be accessed. |
4 | Creation of the certificate signing request file failed. |
5 | Creation of the private key file failed. |
6 | Creation of the private key password file failed (only if the option -des or -des3 is specified). |
80 | The command was aborted because the user entered something other than y or Y in response to the confirmation prompt when -noquery was not specified. |
100 | The PFM - Web Console environment is invalid. |
200 | A memory shortage occurred. |
203 | An error occurred during output of the file. |
210 | A disk space shortage occurred. |
255 | An unexpected error occurred. |
Usage example
This example outputs the certificate signing request file to the file httpsd.csr in the directory /tmp and then sets the password for the private key. In Windows, when the password is entered, the * characters appear only the fourth time the password is entered.
```
> ./jpcwtool https create certreq -f /tmp/httpsd -des3
372 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...............++++++
..............................++++++
e is 65537 (0x10001)
Enter pass phrase for /opt/jp1pcwebcon/CPSB/httpsd/cone/ssl/server/jpcwhttpskey.pem:
Verifying - Enter pass phrase for /opt/jp1pcwebcon/CPSB/httpsd/cone/ssl/server/jpcwhttpskey.pem:
Enter pass phrase for /opt/jp1pcwebcon/CPSB/httpsd/cone/ssl/server/jpcwhttpskey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Yokohama-shi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:HITACHI
Organizational Unit Name (eg, section) []:WebSite
Common Name (e.g. server FQDN or YOUR name) []:pfm.hitachi.co.jp
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Enter PEM pass phrase:
KAVJT6553-I Output of the certificate signing request and private key ended normally.
```
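
The following check is an added example, not part of the manual or the product: before sending the CSR to the certificate authority, it confirms that the request carries the key length, signature algorithm (using the -sign mapping listed under Arguments) and Common Name you intended. It assumes the .csr file is a PEM PKCS#10 request that `openssl req` can read; the function names and the sample text are constructed for illustration.

```shell
# Added example, not vendor code. Assumption: the .csr file written by
# "jpcwtool https create certreq" is a PEM PKCS#10 request readable by openssl.

# Map a -sign value to the algorithm name listed in the manual.
sign_to_alg() {
    case "$1" in
        SHA256) echo sha256WithRSAEncryption ;;
        SHA384) echo sha384WithRSAEncryption ;;
        SHA512) echo sha512WithRSAEncryption ;;
        *) return 1 ;;
    esac
}

# check_csr_text BITS SIGN CN: reads "openssl req -noout -text" output on stdin,
# prints one line per mismatch, returns 0 only when all three values match.
check_csr_text() {
    want_bits=$1; want_cn=$3
    want_alg=$(sign_to_alg "$2") || { echo "unknown -sign value: $2"; return 2; }
    text=$(cat)
    # Key length: "Public-Key: (2048 bit)", or "Public Key: (...)" in old OpenSSL.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    alg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)
    # Subject CN is printed as "CN=host" or "CN = host" depending on the version.
    cn=$(printf '%s\n' "$text" |
        sed -n '/^ *Subject:/s|.*CN *= *\([^,/]*\).*|\1|p' | head -n 1)
    rc=0
    [ "$bits" = "$want_bits" ] || { echo "key length: got '$bits', want '$want_bits'"; rc=1; }
    [ "$alg" = "$want_alg" ] || { echo "signature: got '$alg', want '$want_alg'"; rc=1; }
    [ "$cn" = "$want_cn" ] || { echo "Common Name: got '$cn', want '$want_cn'"; rc=1; }
    return $rc
}

# check_csr_file FILE BITS SIGN CN: verify the self-signature, then the fields.
check_csr_file() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature did not verify"; return 1; }
    openssl req -in "$1" -noout -text | check_csr_text "$2" "$3" "$4"
}

# Constructed sample of "openssl req -noout -text" output (not from a real host).
SAMPLE_CSR_TEXT='Certificate Request:
        Subject: C = JP, ST = Kanagawa, O = HITACHI, CN = pfm.hitachi.co.jp
                RSA Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption'
```

For a real file, call `check_csr_file /tmp/httpsd.csr 2048 SHA256 pfm.hitachi.co.jp` with the values you passed to -bits and -sign and the host name you entered as Common Name.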