E.3 Creating a Certificate Signing Request (CSR)
The following describes the command provided by JP1/AJS3 - Web Console to create a Certificate Signing Request (CSR). The created CSR file is submitted to the Certification Authority (CA), which then issues the signed certificate. The CSR is created in the format conforming to PKCS #10.
- Format
-
- In Windows:
openssl.bat req -new [signature-algorithm] -key key-file -out CSR-file
The path of the openssl.bat is JP1/AJS3-Web-Console-installation-folder\uCPSB\httpsd\sbin\openssl.bat.
For details about execution permission required for the openssl.bat, see the official website of OpenSSL.
- In Linux:
openssl.sh req -new [signature-algorithm] -key key-file -out CSR-file
The path of the openssl.sh is /opt/jp1ajs3web/uCPSB/httpsd/sbin/openssl.sh.
For details about execution permission required for the openssl.sh, see the official website of OpenSSL.
- Parameters
-
- -sign signature-algorithm
-
For the certutil reqgen command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:
-
MD5
md5WithRSAEncryption is used.
-
SHA1
sha1WithRSAEncryption is used.
-
SHA224
sha224WithRSAEncryption is used.
-
SHA256
sha256WithRSAEncryption is used.
-
SHA384
sha384WithRSAEncryption is used.
-
SHA512
sha512WithRSAEncryption is used.
If this argument is omitted, specification of SHA1 is assumed.
-
- signature-algorithm
-
For the openssl.bat req command or the openssl.sh req command, specify the signature algorithm to be used to create the CSR. Available signature algorithms are as follows:
-
-md5
md5WithRSAEncryption is used.
-
-sha1
sha1WithRSAEncryption is used.
-
-sha224
sha224WithRSAEncryption is used.
-
-sha256
sha256WithRSAEncryption is used.
-
-sha384
sha384WithRSAEncryption is used.
-
-sha512
sha512WithRSAEncryption is used.
If this argument is omitted, specification of -sha256 is assumed.
-
- -key key-file
-
Specify the path of the private key file that was created in the procedure described in E.1 Creating a private key.
- -out CSR-file
-
Specify the file to which the created CSR is output.
- Usage example 1
-
The following example shows how to use the certutil reqgen command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem):
certutil reqgen -sign SHA256 -key httpsdkey.pem -out httpsd.csr
- Usage example 2
-
The following example shows how to use the openssl.bat req command to create a CSR (httpsd.csr) by using a private key (httpsdkey.pem):
openssl.bat req -new -sha256 -key httpsdkey.pem -out httpsd.csr
For the items to be set, follow the instructions given by the CA to which you want to send the CSR.