|
|
|
Certificates are created for authentication. They associate a public key with the identity of a user or server. The next step after generating a private key is to generate a certificate request, or Certificate Signing Request (CSR), using the private key. You can send the CSR to a Certificate Authority for signing into a certificate, or you can create a self-signed certificate.
Note: We recommend you to create a self-signed certificate for testing or internal uses only.
To create a CSR with the RSA server private key, enter the following command:
openssl req -config openssl.cnf -new -key server.key -out server.csr
You are prompted for several answers to identify the request.
Note: This command presupposes the existence of an openssl configuration file in the present working directory. The file is located at <install dir>\SSL\bin\openssl.cnf. If you change the name, or move it to another location, enter the correct location of openssl.cnf in the command line.
The CSR output file is in an ASCII PEM Privacy Enhanced Mail (PEM) format. You can specify a different format with the -outform option.
To view details about the CSR, use the following command:
openssl req -noout -text -in server.csr
| Copyright © 2012 CA. All rights reserved. | Tell Technical Publications how we can improve this information |