How to generate the CSR Certificate signing request for Solaris and linux ( Redhat Hat ) ?

Hi Experts,

Have some one Generated a CSR file (Certificate signing Request ) for
Solaris 10 and RHEL - 4 with Verisign. Please help me with this.

ASAP...... Thnaks all.
rajsolarisAsked:
Who is Participating?
 
RowleyConnect With a Mentor Commented:
From my notes:

openssl on my system is found in /usr/local/ssl/bin

To create a server key you need to enter the following commands at the command line and follow the prompts.
      
openssl genrsa -des3 -out server.key 1024

If you dont have the random seed patch installed on your system then you will need to get it and install it. You can easily check by looking to see whether /dev/random or /dev/urandom exists.

Youll get the following appear on screen at which point you will be prompted to enter PEM passphrase:

Generating RSA private key, 1024 bit long modulus
....................++++++
...++++++
e is 65537 (0x10001)
Enter PEM pass phrase:

We usually use the password thisisntactuallythepassword.
This creates a triple DES algorithm encrypted private key of 1024 bits called server.key.

openssl req -new -key server.key -out server.csr

The following output can be expected:

Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:My State
Locality Name (eg, city) []:My Town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Evil Empire
Organizational Unit Name (eg, section) []:EVIL
Common Name (eg, YOUR name) []:evil.megalomaniac.com
Email Address []:certs@megalomaniac.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

This creates a certificate request file (server.csr) using the private key we created (server.key). We then send this information off to a CA,  mine is currently Thawte, so that they can publicly sign it and then provide the certificate (server.crt). You can verify the certificate by opening it from within windows or issuing

openssl x509 -noout -text -in certificate.file


If we want, we can create a test certificate before sending the csr for authorisation. To do this, enter the following command:

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Output you can expect to see:

Signature ok
subject=/C=GI/ST=My State/L=My Town/O=My Evil Empire/OU=EVIL/CN=evil.megalomaniac.com/Email=certs@megalomaniac.com
Getting Private key
Enter PEM pass phrase:

This creates an x509 standard crt, with the input coming from server.csr, the key used to do the signing is server.key and the output being server.crt.

Easy.

Ensure you edit httpd.conf to reflect the location of the certs.

hth.
0
 
ravenplCommented:
You have to use openssl for that. Lot's of howtos out there on the google.
http://sial.org/howto/openssl/csr/
0
 
rajsolarisAuthor Commented:
Thank you for this Sir.
0
All Courses

From novice to tech pro — start learning today.