E.2 Creating a Certificate Signing Request (CSR)
The following describes the command provided by JP1/AJS3 - Web Console to create a Certificate Signing Request (CSR). The provided command varies depending on the version of JP1/AJS3 - Web Console. The created CSR file is submitted to the Certification Authority (CA), which then issues the signed certificate. The CSR is created in the format conforming to PKCS #10.
- Format
-
For JP1/AJS3 - Web Console version 11-10-02 or earlier, or version 11-00-10 or earlier.
certutil reqgen [-sign signature-algorithm] -key key-file -out CSR-file
The path to be specified for the certutil command is JP1/AJS3-Web-Consoleinstallation-folder\uCPSB\httpsd\sbin\certutil for Windows, and /opt/jp1ajs3web/uCPSB/httpsd/sbin/certutil for Linux.
For a version other than those listed above:
- In Windows:
openssl.bat req -new [signature-algorithm] -key key-file -out CSR-file
The path of the openssl.bat is JP1/AJS3-Web-Console-installation-folder\uCPSB\httpsd\sbin\openssl.bat.
For details about execution permission required for the openssl.bat, see the official website of OpenSSL.
- In Linux:
openssl.sh req -new [signature-algorithm] -key key-file -out CSR-file
The path of the openssl.sh is /opt/jp1ajs3web/uCPSB/httpsd/sbin/openssl.sh.
For details about execution permission required for the openssl.sh, see the official website of OpenSSL.
- Parameters
-
- -sign signature-algorithm
-
For the certutil reqgen command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:
-
MD5
md5WithRSAEncryption is used.
-
SHA1
sha1WithRSAEncryption is used.
-
SHA224
sha224WithRSAEncryption is used.
-
SHA256
sha256WithRSAEncryption is used.
-
SHA384
sha384WithRSAEncryption is used.
-
SHA512
sha512WithRSAEncryption is used.
If this argument is omitted, specification of SHA1 is assumed.
-
- signature-algorithm
-
For the openssl.bat req command or the openssl.sh req command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:
-
-md5
md5WithRSAEncryption is used.
-
-sha1
sha1WithRSAEncryption is used.
-
-sha224
sha224WithRSAEncryption is used.
-
-sha256
sha256WithRSAEncryption is used.
-
-sha384
sha384WithRSAEncryption is used.
-
-sha512
sha512WithRSAEncryption is used.
If this argument is omitted, specification of -sha256 is assumed.
-
- -key key-file
-
Specify the path of the private key file that was created in the procedure described in E.1 Creating a private key.
- -out CSR-file
-
Specify the file to which the created CSR is output.
- Usage example 1
-
The following example shows how to use the certutil reqgen command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem):
certutil reqgen -sign SHA256 -key httpsdkey.pem -out httpsd.csr
- Usage example 2
-
The following example shows how to use the openssl.bat req command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem):
openssl.bat req -new -sha256 -key httpsdkey.pem -out httpsd.csr
For the items to be set, follow the instructions given by the CA to which you want to send the CSR.