Hitachi

JP1 Version 12 JP1/Automatic Job Management System 3 Configuration Guide

E.2 Creating a Certificate Signing Request (CSR)

The following describes the command provided by JP1/AJS3 - Web Console to create a Certificate Signing Request (CSR). The provided command varies depending on the version of JP1/AJS3 - Web Console. The created CSR file is submitted to the Certification Authority (CA), which then issues the signed certificate. The CSR is created in the format conforming to PKCS #10.

Format

For JP1/AJS3 - Web Console version 11-10-02 or earlier, or version 11-00-10 or earlier.

certutil reqgen [-sign signature-algorithm] -key key-file -out CSR-file

The path to be specified for the certutil command is JP1/AJS3-Web-Consoleinstallation-folder\uCPSB\httpsd\sbin\certutil for Windows, and /opt/jp1ajs3web/uCPSB/httpsd/sbin/certutil for Linux.

For a version other than those listed above:

In Windows:
openssl.bat req -new [signature-algorithm] -key key-file -out CSR-file

The path of the openssl.bat is JP1/AJS3-Web-Console-installation-folder\uCPSB\httpsd\sbin\openssl.bat.

For details about execution permission required for the openssl.bat, see the official website of OpenSSL.

In Linux:
openssl.sh req -new [signature-algorithm] -key key-file -out CSR-file

The path of the openssl.sh is /opt/jp1ajs3web/uCPSB/httpsd/sbin/openssl.sh.

For details about execution permission required for the openssl.sh, see the official website of OpenSSL.

Parameters
-sign signature-algorithm

For the certutil reqgen command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:

  • MD5

    md5WithRSAEncryption is used.

  • SHA1

    sha1WithRSAEncryption is used.

  • SHA224

    sha224WithRSAEncryption is used.

  • SHA256

    sha256WithRSAEncryption is used.

  • SHA384

    sha384WithRSAEncryption is used.

  • SHA512

    sha512WithRSAEncryption is used.

If this argument is omitted, specification of SHA1 is assumed.

signature-algorithm

For the openssl.bat req command or the openssl.sh req command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:

  • -md5

    md5WithRSAEncryption is used.

  • -sha1

    sha1WithRSAEncryption is used.

  • -sha224

    sha224WithRSAEncryption is used.

  • -sha256

    sha256WithRSAEncryption is used.

  • -sha384

    sha384WithRSAEncryption is used.

  • -sha512

    sha512WithRSAEncryption is used.

If this argument is omitted, specification of -sha256 is assumed.

-key key-file

Specify the path of the private key file that was created in the procedure described in E.1 Creating a private key.

-out CSR-file

Specify the file to which the created CSR is output.

Usage example 1

The following example shows how to use the certutil reqgen command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem): 

certutil reqgen -sign SHA256 -key httpsdkey.pem -out httpsd.csr
Usage example 2

The following example shows how to use the openssl.bat req command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem): 

openssl.bat req -new -sha256 -key httpsdkey.pem -out httpsd.csr

For the items to be set, follow the instructions given by the CA to which you want to send the CSR.

To Page Top

Copyright (C) 2019, 2022, Hitachi, Ltd.

Copyright (C) 2019, 2022, Hitachi Solutions, Ltd.