Solved

How to generate the CSR Certificate signing request  for Solaris and linux ( Redhat Hat ) ?

Posted on 2008-10-30
3
4,463 Views
Last Modified: 2013-12-21
Hi Experts,

Have some one Generated a CSR file (Certificate signing Request ) for
Solaris 10 and RHEL - 4 with Verisign. Please help me with this.

ASAP...... Thnaks all.
0
Comment
Question by:rajsolaris
3 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 22845032
You have to use openssl for that. Lot's of howtos out there on the google.
http://sial.org/howto/openssl/csr/
0
 
LVL 13

Accepted Solution

by:
Rowley earned 500 total points
ID: 22848281
From my notes:

openssl on my system is found in /usr/local/ssl/bin

To create a server key you need to enter the following commands at the command line and follow the prompts.
      
openssl genrsa -des3 -out server.key 1024

If you dont have the random seed patch installed on your system then you will need to get it and install it. You can easily check by looking to see whether /dev/random or /dev/urandom exists.

Youll get the following appear on screen at which point you will be prompted to enter PEM passphrase:

Generating RSA private key, 1024 bit long modulus
....................++++++
...++++++
e is 65537 (0x10001)
Enter PEM pass phrase:

We usually use the password thisisntactuallythepassword.
This creates a triple DES algorithm encrypted private key of 1024 bits called server.key.

openssl req -new -key server.key -out server.csr

The following output can be expected:

Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:My State
Locality Name (eg, city) []:My Town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Evil Empire
Organizational Unit Name (eg, section) []:EVIL
Common Name (eg, YOUR name) []:evil.megalomaniac.com
Email Address []:certs@megalomaniac.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

This creates a certificate request file (server.csr) using the private key we created (server.key). We then send this information off to a CA,  mine is currently Thawte, so that they can publicly sign it and then provide the certificate (server.crt). You can verify the certificate by opening it from within windows or issuing

openssl x509 -noout -text -in certificate.file


If we want, we can create a test certificate before sending the csr for authorisation. To do this, enter the following command:

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Output you can expect to see:

Signature ok
subject=/C=GI/ST=My State/L=My Town/O=My Evil Empire/OU=EVIL/CN=evil.megalomaniac.com/Email=certs@megalomaniac.com
Getting Private key
Enter PEM pass phrase:

This creates an x509 standard crt, with the input coming from server.csr, the key used to do the signing is server.key and the output being server.crt.

Easy.

Ensure you edit httpd.conf to reflect the location of the certs.

hth.
0
 

Author Closing Comment

by:rajsolaris
ID: 31511809
Thank you for this Sir.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now