create csr gui
Enter the requested information.
If the CN (common name) of the certificate is not set to the
hostname.domain of
the system, the browser responds with certificate errors.
Note: If the Common Name (CN=) field
starts with a number and is used as an identifier, it must have an ID: prefix.
For example, ID:1234
.
You are prompted to supply the organizational unit
(OU), country code (C), and so forth. Be sure to enter this information correctly. The last prompt
is:
What encryption algorithm should be used (1=DSA or 2=RSA)?
The default
encryption algorithm is RSA (2). DSA (Digital Signature Algorithm) is a federal information
processing standard (FIPS) for digital signatures. RSA is a public-key cryptosystem that involves
key generation, encryption, and decryption.
After you select a decryption algorithm, the system
displays a description of the request, followed by the request itself, and some additional
instructions. For example,
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=MA, L=Littleton, O=XYZCorp, OU=Accounting, CN=g2.xyz.com
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICWjCCAhcCAQAwVDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1dhbHRoYW0xETAPBgNVBAoTCEd1
YXJkaXVtMRUwEwYDVQQLEwxndWFyZGl1bS5jb20xCTAHBgNVBAMTADCCAbgwggEsBgcqhkjOOAQB
MIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2
y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT
WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3e
y7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8
FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
TDv+z0kqA4GFAAKBgQCONsEB4g4/limbHkuZ5YnLn9CGM3a2evEnqjXZts4itxeTYwPQvdkjdSmQ
kaQlBxmNUsZOJZrq5nC5Cg3X9spa+BzFr+PgR/5zka17nHcxKXCjVjLk451L67KllXv61TUfv/bU
PKmiaGKDttsP2ktG4dBFXQdICJEGo0aNFCYn6qAAMAsGByqGSM44BAMFAAMwADAtAhUAhHTY5z9X
NiBAuyAC9PS4GzleYakCFF2kcfxfjX1BFy5I228XWMAU0N95
-----END NEW CERTIFICATE REQUEST-----
**************************************************************************
Copy and paste the Certificate Signing Request (CSR), starting at the
'-----BEGIN NEW CERTIFICATE REQUEST-----' tag and ending at the '-----END
NEW CERTIFICATE REQUEST-----' tag, to a file. The CSR file will need to be
provided to a Certificate Authority (CA) of your choice in order to obtain
a valid certificate. Please note that the certificate will need to be in PEM
format so that it can be imported into the Guardium appliance. Once you receive
the certificate from your CA, use the following CLI command to start the import
process:
<< store certificate gui >>
Note:
- For Common Name, enter the hostname in FQDN format (fully qualified domain name). If you connect
to the GUI normally using the short hostname (for example, system1) instead of
the FDQN (system1.us.ibm.com), Guardium returns an Address
Mismatch certificate error. Either change the CN to use the FDQN, or connect with
https://system1.us.ibm.com:8443/sqlguard to use the certificate.
- Country Code must be two letters.
- Keysize can be 1024 or 2048.