Generating a private key and certificate request

A certificate signing request (CSR) is an unsigned certificate that is a text file.

About this task

When you submit an unsigned certificate to a certificate authority, the CA signs the certificate with the private digital signature. The signature is included in their corresponding CA certificate. When the CSR is signed, it becomes a valid certificate. A CSR contains information about your organization, such as the organization name, country, and the public key for your web server.

Procedure

  1. At the Main Menu of the certTool, type A. The following message and prompt are displayed:
    Enter values for certificate request (press enter to skip value) 
    -------------------------------------------------------------------------
  2. At Organization, type your organization name and press Enter.
  3. At Organizational Unit, type the organizational unit and press Enter.
  4. At Agent Name, type the name of the adapter for which you are requesting a certificate and press Enter.
  5. At email, type the email address of the contact person for this request and press Enter.
  6. At State, type the state that the adapter is in and press Enter.
    For example, type TX if the adapter is in Texas. Some certificate authorities do not accept two letter abbreviations for states; type the full name of the state.
  7. At Country, type the country that the adapter is in and press Enter.
  8. At Locality, type the name of the city that the adapter is in and press Enter.
  9. At Accept these values, take one of the following actions and press Enter:
    • Type Y to accept the displayed values.
    • Type N and specify different values.

    The private key and certificate request are generated after the values are accepted.

  10. At Enter name of file to store PEM cert request, type the name of the file and press Enter. Specify the file that you want to use to store the values you specified in the previous steps.
  11. Press Enter to continue. The certificate request and input values are written to the file that you specified. The file is copied to the adapter bin directory and the Main menu is displayed again.

Results

You can now request a certificate from a trusted CA by sending the .pem file that you generated to a certificate authority vendor.