Creating a public key using the OpenSSL command

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Part Number
MK-98RD9009-16

A public key file, which is a certificate signing request with the file extension .csr, is required to create an SSL keypair. The following procedure is for the Windows operating system.

Download openssl.exe from the OpenSSL website, or use the OpenSSL that is installed on the SVP.

  1. Open a command prompt with administrator permissions.
  2. Change the current directory to the folder to which the key file is output (such as c:\key), and then execute the following command:
    c:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key -config c:\openssl\bin\openssl.cfg -out server.csr
    Note: This command uses SHA-256 as the hash algorithm. Use SHA-256, SHA-384, or SHA-512. Do not use MD5 or SHA-1 as the hash algorithm, because their security level is low.
  3. Enter the following information in the prompt:
    • Country Name (two-letter code)
    • State or Province Name
    • Locality Name
    • Organization Name
    • Organization Unit Name
    • Common Name

      To create a self-signed certificate, enter the IP address of the SVP. The name you enter here is used as the server name (host name). To obtain a signed and trusted certificate, ensure that the server name is the same as the host name.

    • Email Address
    • Challenge password (optional)
    • Company name (optional)

Example

The following example shows the contents of a command window when you create a public key.

......++++++ 
..++++++ 
is 65537 (0x10001) 
C:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key -config c:\openssl\bin\openssl.cfg -out server.csr 
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. 
For some fields there will be a default value. 
If you enter '.', the field will be left blank. 
----- 
Country Name (2 letter code) [AU]:JP 
State or Province Name (full name) [Some-State]:Kanagawa 
Locality Name (eg, city) []:Odawara 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hitachi 
Organization Unit Name (eg, section) []:ITPD 
Common Name (eg, YOUR name) []:192.168.0.1 
Email Address []: 
Please enter the following 'extra' attributes 
to be sent with your certificate request 
A challenge password []:
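
Before server.csr is submitted for signing, the hash-algorithm note and the Common Name guidance in the procedure above can be checked against the file. The following Python script is an added example, not part of the Hitachi guide: it inspects the text that `openssl req -in server.csr -noout -text` prints. The function names and the sample text are constructed for illustration, and RSASSA-PSS requests (which list the hash on a separate line) are outside its scope.

```python
import re
import subprocess

# Hash names the procedure's note forbids, as they appear in OpenSSL's
# "Signature Algorithm" line (e.g. sha1WithRSAEncryption, ecdsa-with-SHA1).
WEAK_HASHES = ("md5", "sha1")

# Constructed sample of `openssl req -noout -text` output, using the DN
# values from the example above (not captured from a real SVP).
SAMPLE_TEXT = """\
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = JP, ST = Kanagawa, L = Odawara, O = Hitachi, OU = ITPD, CN = 192.168.0.1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption
"""

def check_csr_text(text, expected_cn):
    """Return a list of problems found in `openssl req -text` output."""
    problems = []
    sig = re.search(r"^\s*Signature Algorithm:\s*(\S+)", text, re.M)
    if not sig:
        problems.append("no Signature Algorithm line found")
    elif any(h in sig.group(1).lower().replace("-", "") for h in WEAK_HASHES):
        problems.append("weak hash in signature: " + sig.group(1))
    # Newer OpenSSL prints "CN = x", older releases print "CN=x"; accept both.
    cn = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^,/\n]+)", text, re.M)
    if not cn:
        problems.append("no Common Name in subject")
    elif cn.group(1).strip().lower() != expected_cn.lower():
        problems.append("Common Name %r does not match %r" % (cn.group(1).strip(), expected_cn))
    return problems

def check_csr_file(path, expected_cn, openssl="openssl"):
    """Run openssl on a real CSR file and check its text dump."""
    out = subprocess.run([openssl, "req", "-in", path, "-noout", "-text"],
                         capture_output=True, text=True, check=True)
    return check_csr_text(out.stdout, expected_cn)

if __name__ == "__main__":
    print(check_csr_text(SAMPLE_TEXT, "192.168.0.1") or "CSR looks OK")
```

On the SVP, call `check_csr_file` with the path to server.csr, the host name or IP address entered as the Common Name, and the full path to openssl.exe if it is not on the PATH.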