5.4.3 Creating a certificate file for SSL communication
By using the openssl.bat command, create a CSR (certificate signing request).
- Organization of this subsection
(1) File path
installation-folder#\uCPSB\httpsd\sbin\openssl.bat
#: In Linux, change installation-folder to /opt/jp1dh/server.
(2) Format
-
In Windows
openssl.bat req -new [-md5|-sha1|-sha224|-sha256|-sha384|-sha512] -key key-file -out CSR-file
-
In Linux
openssl.sh req -new [-md5|-sha1|-sha224|-sha256|-sha384|-sha512] -key key-file -out CSR-file
(3) Operands
- Important
-
In the case of Linux, you cannot specify an operand containing single-byte spaces.
-
[-md5|-sha1|-sha224|-sha256|-sha384|-sha512]
Specify the signature algorithm used for creating a CSR. If you omit this operand, the underlined signature algorithm is used.
md5: Use md5WithRSAEncryption.
sha1: Use sha1WithRSAEncryption.
sha224: Use sha224WithRSAEncryption.
sha256: Use sha256WithRSAEncryption.
sha384: Use sha384WithRSAEncryption.
sha512: Use sha512WithRSAEncryption.
- Important
-
The signature algorithms md5 and sha1 are becoming more dangerous with decreased safety. Therefore, specify the signature algorithms value other than.
-
-key key-file
Specify the name of the secret key file created in 5.4.1 Creating a secret key file for SSL communication.
-
-out CSR-file
Specify the file to which the created CSR is output.
Enter values for the required items interactively.
C(Country Name) : 2-character-country-code (JP for Japan) S(State or Province Name) : state-or-province-name L(Locality Name) : city-or-area-name O(Organization Name) : organization-name OU(Organization Unit Name) : organization-unit-name CN(Common Name) : FQDN-of-the-server-host EA(Email Address) : email-address
Example:
C(Country Name) : JP S(State or Province Name) : Tokyo L(Locality Name) : Shinagawa-ku O(Organization Name) : Hitachi,Ltd. OU(Organization Unit Name) : SoftwareDevelopment CN(Common Name) : jp1dhserver.foo1.foo2.co.jp EA(Email Address) : jp1dh-system@foo1.foo2.co.jp
(4) Obtaining a certificate file
Send a CSR to the CA (Certificate Authority) to obtain a signed certificate file in PEM (Privacy Enhanced Mail) format.
If creating a self-signed server certificate, follow the procedure in 12.3.7 selfsigned.bat (creating a self-signed server certificate).