Creating a CSR (Certificate Signing Request)
Log in as smeconfiguser then become root
Generate a config file we'll use, update the <server fqdn> with the URL you'd like to use for access.
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (POC Server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = <server fqdn>
Next we'll use this config file and generate a key and csr, please fill out the releavnt locality info during this setup:
openssl req -out server.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
This will generate 2 files:
Copy the file private.key to the private certs folder
cp private.key /etc/pki/tls/private/
Ensure the file is in the proper location before deleting it:
cat /etc/pki/tls/private/private.key rm private.key
Send the CSR to the Certificate Authority of choice
The certificate authority will reply with a signed public key and intermediary certs. These can be uploaded to the File Fabric when configuring via smeconfigserver.