Generating a CSR from the IBM HTTP Server keystore

A Certificate Signing Request (CSR) is an encrypted text that is generated on the server where the certificate is used. It contains organization information, such as your organization name, common name (domain name), locality, and country, that is included in your certificate. The Certificate Authority uses the CSR to generate a trusted certificate.

About this task

To generate a CSR, the following information is required. These fields cannot include the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?
Field Description
Distinguished name (-dn) The distinguished name indicates an X.500 distinguished name. The value is input as a quoted string of the following format: CN=common_name, O=organization, OU=organization_unit, L=location, ST=state, province, C=country

Example: "CN=icfmserver1.icfm.ibm.com,OU=Analytics, O=IBM,L=Bethesda, ST=MD,POSTALCODE=20814,C=US"

Note: Only CN, O, and C are required.
Common Name (CN) The fully qualified domain name (FQDN) of the ICFM server for a single-server environment or the Core server for a three-server environment. This value must be an exact match.

Example: icfmserver1.icfm.ibm.com

Key Size (-size) Key size. The 2048 key size is available if you are using Global Security Kit (GSKit), Version 7.0.4.14 or later. The default value is 2048.

<512 | 1024 | 2048 | 4096>

Signature Algorithm (-sig_alg) Signature algorithm to use. The hashing algorithm that is used during the creation of a self-signed certificate. This hashing algorithm is used to create the signature that is associated with the newly created self-signed certificate. The default value is SHA1WithRSA.

<MD2_WITH_RSA | MD2WithRSA | MD5_WITH_RSA | MD5WithRSA | SHA1WithDSA | SHA1WithRSA | SHA2/ECDSA | SHA256_WITH_RSA | SHA256withECDSA | SHA256WithRSA | SHA2WithECDSA | SHA3/ECDSA | SHA384_WITH_RSA | SHA384withECDSA | SHA384WithRSA | SHA3WithECDSA | SHA5/ECDSA | SHA512_WITH_RSA | SHA512withECDSA | SHA512WithRSA | SHA5WithECDSA | SHA_WITH_DSA | SHA_WITH_RSA | SHAWithDSA | SHAWithRSA>

Keystore Password (-pw) The password to access the IBM® HTTP Server key database. The password is set with the IHS.KEYSTORE.PWD property in the /icfminstall/cfm20_install/installs/instance_name/cfm20/topology/CFM.x.properties file (where x is 1 for a single server and 3 for a three-server installation).
Label Name (-label) Indicates the label that is attached to the certificate or certificate request. This value must be a unique name in the keystore.

Example: icfmdev109ihs

Organization Unit (OU) Section of the organization. Ensure that this value matches what is registered with your certificate provider.

Example: Analytics

Organization (O) The exact legal name of your organization. Ensure that this value matches what is registered with your certificate provider.

Example: IBM

City/Locality (L) The city where your organization is located. Ensure that this value matches what is registered with your certificate provider.

Example: Bethesda

State (ST) The state where your organization is located. Ensure that this value matches what is registered with your certificate provider.

Example: MD

Postal Code (POSTALCODE) The postal code where your organization is located. Ensure that this value matches what is registered with your certificate provider.

Example: 20814

Country (C) The two-letter ISO abbreviation for your country. Ensure that this value matches what is registered with your certificate provider.

Example: US

Certificate Request File (-file) Name of the file where the certificate request is stored.

Example: certreq_icfmdev109ihs.arm

Procedure

  1. To stop the IBM HTTP Server, run the following commands as the root user on the ICFM server for a single-server environment or the Core server for a three-server environment.
    cd /opt/IBM/HTTPServer/bin
    ./apachectl stop
    ./adminctl stop
  2. Run the following command, which creates the Certificate Signing Request (CSR). The CSR is generated on the server where the certificate is used.
    gskcmd -certreq -create -type cms -size key_size -sig_alg hash_algorithm -db ../cert/key.kdb -pw db_password -label label_name -dn dn -file ../cert/csr_filename
    For example:
    cd /opt/IBM/HTTPServer/bin
    
    gskcmd -certreq -create -type cms -size 2048 -sig_alg SHA1WithRSA -db ../cert/key.kdb -pw password -label "icfmdev109ihs" -dn "CN=icfmdev109.icfm.ibm.com,OU=Analytics,O=IBM,L=Bethesda,ST=MD,POSTALCODE=20814,C=US" -file ../cert/certreq_icfmdev109ihs.arm
  3. To verify whether the CSR was created successfully, run the following command:
    gskcmd -certreq -list -type cms -db ../cert/key.kdb -pw db_password
    For example:
    cd /opt/IBM/HTTPServer/bin
    gskcmd -certreq -list -type cms -db ../cert/key.kdb -pw password
  4. Download the CSR file from the /opt/IBM/HTTPServer/cert directory.
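
Added example, not part of the IBM documentation: a shell pre-flight check that applies the field rules from the table (required CN, O and C; forbidden characters; two-letter country; listed key sizes) to the values intended for step 2. Going beyond the page, it also flags values that gskcmd accepts but that are weak: 512- and 1024-bit keys and MD2, MD5 and SHA-1 signature algorithms, which includes the SHA1WithRSA default. The function name check_csr_args and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the values passed to
# "gskcmd -certreq -create". Exit status: 0 = ok, 1 = breaks a rule from the
# field table, 2 = valid for gskcmd but cryptographically weak.
# Assumption: DN values contain no escaped commas, so a plain split is enough.
check_csr_args() (
    dn=$1; size=$2; sig_alg=$3
    seen=""; weak=0
    IFS=,; set -f                      # local to this subshell; no globbing
    for rdn in $dn; do
        rdn=${rdn#"${rdn%%[! ]*}"}     # trim blanks that follow a comma
        key=${rdn%%=*}; val=${rdn#*=}
        [ "$key" != "$rdn" ] && [ -n "$val" ] ||
            { echo "malformed DN component: $rdn" >&2; exit 1; }
        # Characters the field table forbids: < > ~ ! @ # $ % ^ * / \ ( ) ?
        clean=$(printf '%s' "$val" | tr -d '<>~!@#$%^*/\\()?')
        [ "$clean" = "$val" ] ||
            { echo "forbidden character in $key" >&2; exit 1; }
        case $key in
            C) case $val in
                   [A-Za-z][A-Za-z]) ;;
                   *) echo "C must be a two-letter code" >&2; exit 1 ;;
               esac ;;
        esac
        seen="$seen $key "
    done
    for req in CN O C; do              # only CN, O and C are required
        case $seen in
            *" $req "*) ;;
            *) echo "missing required attribute $req" >&2; exit 1 ;;
        esac
    done
    case $size in
        2048|4096) ;;
        512|1024) echo "RSA $size is below the 2048-bit baseline" >&2; weak=1 ;;
        *) echo "unsupported key size: $size" >&2; exit 1 ;;
    esac
    case $sig_alg in
        MD2*|MD5*|SHA1*) echo "$sig_alg uses a deprecated hash" >&2; weak=1 ;;
    esac
    [ "$weak" -eq 0 ] || exit 2
)
```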