Creating a public key using the OpenSSL command

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-06-0x
Audience
anonymous
Part Number
MK-97HM85028-08

A public key has the file extension .csr. It is required to create an SSL keypair. The following procedure is for the Windows operating system.

Download openssl.exe from the OpenSSL website or determine to use OpenSSL on the SVP.

  1. Open a command prompt with administrator permissions.
  2. Execute the following command:

    When OpenSSL is installed:

    C:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key -config c:\openssl\bin\openssl.cnf -out server.csr

    When using OpenSSL on the SVP:

    C:\Key>Mapp\OSS\apache\bin\openssl req -sha256 -new -key server.key -config c:\Mapp\OSS\apache\conf\openssl.cnf -out server.csr

    Note: C:\Mapp indicates the installation directory for the storage management software and SVP software. Spacify C:\Mapp for the installation directory if another directory is specified for the installation directory.
    Note: This command uses SHA-256 as a hash algorithm.
    • Use SHA-256 for the hash algorithm. Do not use MD5 or SHA-1 for the hash algorithm due to its low security level.
    • When you use OpenSSL on the SVP, do not change the contents of c:\Mapp\OSS\apache\conf\openssl.cnf.
  3. Enter the following information in the prompt:
    • Country Name (two-letter code)
    • State or Province Name
    • Locality Name
    • Organization Name
    • Organization Unit Name
    • Common Name

      To create a self-signed certificate, enter the IP address of the SVP or GUM. The name you entered here is used as the server name (host name). To obtain a signed and trusted certificate, ensure that the server name is the same as the host name.

    • Email Address
    • Challenge password (optional)
    • Company name (optional)

Example

The following example shows the contents of a command window when you create a public key.

......++++++ 
..++++++ 
is 65537 (0x10001) 
C:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key -config c 
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. 
\openssl\bin\openssl.cfg -out server.csr 
For some fields there will be a default value. 
If you enter '.', the field will be left blank. 
----- 
Country Name (2 letter code) [AU]:JP 
State or Province Name (full name) [Some-State]:Kanagawa 
Locality Name (eg, city) []:Odawara 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hitachi 
Organization Unit Name (eg, section) []:ITPD 
Common Name (eg, YOUR name) []:192.168.0.1 
Email Address []: 
Please enter the following 'extra' attributes 
to be sent with your certificate request 
A challenge password []: