A public key has the file extension .csr. It is required
to create an SSL keypair. The following procedure is for the Windows operating
system.
Download openssl.exe from the
OpenSSL website or determine to use OpenSSL on the SVP.
-
Open a command prompt with administrator permissions.
-
Execute the following command:
When OpenSSL is installed:
C:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key
-config c:\openssl\bin\openssl.cnf -out server.csr
When using OpenSSL on the SVP:
C:\Key>Mapp\OSS\apache\bin\openssl req -sha256 -new -key server.key
-config c:\Mapp\OSS\apache\conf\openssl.cnf -out
server.csr
Note: C:\Mapp indicates the installation directory for the
storage management software and SVP software. Spacify
C:\Mapp for the installation directory if another
directory is specified for the installation directory.
Note: This command uses SHA-256 as a hash algorithm.
- Use SHA-256 for the hash algorithm. Do not use MD5 or SHA-1 for the
hash algorithm due to its low security level.
- When you use OpenSSL on the SVP, do not change the contents of
c:\Mapp\OSS\apache\conf\openssl.cnf.
-
Enter the following information in the prompt:
- Country Name (two-letter code)
- State or Province Name
- Locality Name
- Organization Name
- Organization Unit Name
- Common Name
To create a self-signed certificate, enter the IP address of the SVP or GUM. The name you entered here is used as the server name (host name). To obtain a signed and trusted certificate, ensure that the server name is the same as the host name.
- Email Address
- Challenge password (optional)
- Company name (optional)
Example
The following example shows the contents of a command window when you create a public key.
......++++++
..++++++
is 65537 (0x10001)
C:\key>c:\openssl\bin\openssl req -sha256 -new -key server.key -config c
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN.
\openssl\bin\openssl.cfg -out server.csr
For some fields there will be a default value.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Odawara
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hitachi
Organization Unit Name (eg, section) []:ITPD
Common Name (eg, YOUR name) []:192.168.0.1
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: