Creating and submitting the certificate request

To create a certificate request:

  1. Enter the following command in your SSH client:
    sudo cert-req
  2. When prompted, enter the qualified domain name of the host, for example, soar.example.com
  3. When prompted, enter the subject alternate name of this certificate, for example res.example.com or res2.example.com. Some browsers, such as Chrome and Firefox, require the certificate alternate name while others browsers do not.
  4. When prompted, enter the name of your company, for example, My Company, Inc.
  5. When prompted, enter the name of your group in the company, for example, Incident Response.
  6. When prompted, enter your city, for example, Cambridge.
  7. When prompted, enter your state. Most CAs do not accept your request if you use a state abbreviation, for example, enter Massachusetts.
  8. When prompted, enter the abbreviation for your country, for example, US.

    You can locate the certificate request in /crypt/certs/certreq.pem directory and it appears on the screen, as follows:

    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIDAjCCAeoCAQAwgYwxCzAJBgNVB...
    -----END NEW CERTIFICATE REQUEST-----
    
  9. Copy the content of the certificate request to the clipboard, starting with the "-----BEGIN NEW CERTIFICATE REQUEST-----" and ending with the "-----END NEW CERTIFICATE REQUEST-----".

    In PuTTY, you use the left mouse button to select text. The act of selection automatically copies the text to the clipboard. You do not need to press any other key. The only thing you need to do to copy text to the clipboard is to select it.

Once you have the request, you need to have it signed. The procedure for getting your certificate signed depends on which certificate authority (CA) you use. If you choose a CA such as Verisign (http://www.verisign.com/) or Thawte (http://www.thawte.com/), go to their web site to obtain a signed certificate. You can submit the certificate request you generated in the previous section to your CA through their web site. If the CA asks for the server platform that the certificate applies to, you should choose Tomcat. They then contact you with information on how to obtain your signed certificate. After you obtain a signed certificate, you can import it into the SOAR platform.