Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
cloudappliance/createcsr [2018_05_17 00:04] – steven | cloudappliance:createcsr [2022_10_18 12:53] – changed to generate a valid SAN cert eric | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Creating a CSR (Certificate Signing Request) ====== | ====== Creating a CSR (Certificate Signing Request) ====== | ||
- | Log in as smeconfiguser | + | Log in as smeconfiguser |
- | openssl req -new -newkey rsa:2048 -nodes | + | Generate a config file we'll use, update the <server fqdn> with the URL you'd like to use for access. |
+ | |||
+ | vim san.cnf | ||
+ | |||
+ | [ req ] | ||
+ | default_bits | ||
+ | distinguished_name = req_distinguished_name | ||
+ | req_extensions | ||
+ | [ req_distinguished_name ] | ||
+ | countryName | ||
+ | stateOrProvinceName | ||
+ | localityName | ||
+ | organizationName | ||
+ | commonName | ||
+ | [ req_ext ] | ||
+ | subjectAltName = @alt_names | ||
+ | [alt_names] | ||
+ | DNS.1 = <server fqdn> | ||
+ | |||
+ | Next we'll use this config file and generate a key and csr, please fill out the releavnt locality info during this setup: | ||
+ | openssl req -out server.csr | ||
This will generate 2 files: | This will generate 2 files: | ||
- | | + | |
- | | + | |
- | Copy the file tuamdocs_directroute_ie.key to the private certs folder | + | Copy the file private.key to the private certs folder |
- | cp tuamdocs_directroute_ie.key / | + | cp private.key / |
Ensure the file is in the proper location before deleting it: | Ensure the file is in the proper location before deleting it: | ||
- | cat / | + | cat / |
- | rm tuamdocs_directroute_ie.key | + | rm private.key |
Send the CSR to the Certificate Authority of choice | Send the CSR to the Certificate Authority of choice | ||
- | cat tuamdocs_directroute_ie.csr | + | cat |
The certificate authority will reply with a signed public key and intermediary certs. | The certificate authority will reply with a signed public key and intermediary certs. | ||
- | These can be uploaded to the File Fabric. | + | These can be uploaded to the File Fabric |
+ |