A certificate signing request
(CSR) is an unsigned certificate that is a text file.
About this task
When you submit an unsigned certificate to a certificate
authority, the CA signs the certificate with the private digital signature.
The signature is included in their corresponding CA certificate. When
the CSR is signed, it becomes a valid certificate. A CSR contains
information about your organization, such as the organization name,
country, and the public key for your web server.
Procedure
- At the Main Menu of the certTool, type A.
The following message and prompt are displayed:
Enter values for certificate request (press enter to skip value)
-------------------------------------------------------------------------
- At Organization, type your organization
name and press Enter.
- At Organizational Unit, type the
organizational unit and press Enter.
- At Agent Name, type the name of
the adapter for which you are requesting a certificate and press Enter.
- At email, type the email address
of the contact person for this request and press Enter.
- At State, type the state that the
adapter is in and press Enter.
For
example, type TX if the adapter is in Texas.
Some certificate authorities do not accept two letter abbreviations
for states; type the full name of the state.
- At Country, type the country that
the adapter is in and press Enter.
- At Locality, type the name of the
city that the adapter is in and press Enter.
- At Accept these values, take one
of the following actions and press Enter:
- Type Y to accept the displayed values.
- Type N and specify different values.
The private key and certificate request are generated after
the values are accepted.
- At Enter name of file to store PEM cert request,
type the name of the file and press Enter.
Specify the file that you want to use to store the values you specified
in the previous steps.
- Press Enter to continue.
The certificate request and input values are written to the file that
you specified. The file is copied to the adapter bin directory
and the Main menu is displayed again.
Results
You can now request a certificate from a trusted CA by
sending the .pem file that you generated to a
certificate authority vendor.