CSR Generation Instruction - CNT Web Integrator
To generate a CSR for CNT Web Integrator follow the instructions below:
Step 1: Prepare to Run the Certificate Management Utilities
CNT provides the following certificate management utilities:
rsakey
csr
csrparse
x509parse
pem2der
Before you run the Certificate Management utilities, enter the following from /webint_phaos/cm in the software installation directory:
For Windows NT, enter:
set CLASSPATH=.:install_dir\webint_phaos\classes\crysec.zip;
java_install_dir\lib\classes.zip;
For UNIX (Bourne shell), enter:
export CLASSPATH=.:install_dir/webint_phaos/classes/crysec.zip;
java_install_dir/lib/classes.zip:
Note that install_dir is the software installation directory and java_install_dir is the JDK installation directory.
Step 2: Generate an RSA Key
Use the rsakey utility to generate an RSA key. By default, the key is output in password-protected PKCS5-encoded PKCS8 format to the file enc-server-key.der.
The rsakey utility prompts you for a password phrase. Make sure that you remember your password. You will need it when you start the Web Integrator Server. If you forget your password, you will need to generate a new certificate.
Note: The rsakey utility may take more than a minute to generate a key, even if you are using a JIT compiler.
The rsakey utility is described as follows:
Syntax
java rsakey [params]
Parameters
-f key file
Specifies the name of the file to which the key is output.
Default: enc-server-key.der
-c
Indicates that you want to output the key file in PKCS1 format, which is not password-protected.
If you use this parameter, the key is output to the file server-key.der, which is a DER-encoded (Distinguished Encoding Rules encoded) binary file.
If you use this parameter and do not password-protect your key file, make sure that you store your key in a file that is accessible only to the Web Integrator Server administrator.
-e publicExp
The public exponent.
Default: 65537
-n bits
The key length in bits.
Default: 512
-d
Indicates that you want to display the key.
-help
Displays the parameters and their descriptions.
Example
% java rsakey
generate p
generate q
Enter password phrase: Test Server
Note: Make sure that you remember the password and that you save the output key file enc-server-key.der.
NOTE: Please backup your private key and write the password down in a safe place. Your certificate will not work without this private key.
Step 3: Build a Certification Request
Parameters
-k key file
The key file name.
Default: enc-server-key.der
-d
Indicates that you want to output the Certificate Submission Request (CSR) in DER format.
If you do not use this parameter, the CSR is output in BASE64-encoded Privacy Enhanced Mail (PEM) format to the file server-csr.pem.
-o csr file
Specifies the name of the file to which the CSR is output.
Default: server-csr.pem
-help
Displays the parameters and their descriptions.
Example
% java csr
Enter password to enc-server-key.der: Test Server
Enter Country name [US]:
Enter State name: Massachusetts
Enter Locality name: Westborough
Enter Organization name: CNT
Enter Organization Unit name [Brixton Web Integrator]:
Enter Common name (e.g., host.cnt.com): bass.cnt.com
Enter E-mail Address: tech_support@cnt.com
Done.
Your Certification Request is in server-csr.pem
The output file from this example is as follows:
% cat server-csr.pem
-----BEGIN CERTIFICATE REQUEST-----
MIIBWzCCAQUCAQAwgaIxFTATBgNVBAMWDGJhc3MuY250LmNvbTELMAkGA1UEBhYCVVMxFDASBgNV
BAcWC1dlc3Rib3JvdWdoMRYwFAYDVQQIFg1NYXNzYWNodXNldHRzMQwwCgYDVQQKFgNDTlQxGzAZ
BgNVBAsWEkNOVCBXZWIgSW50ZWdyYXRvcjEjMCEGCSqGSIb3DQEJARYUdGVjaF9zdXBwb3J0QGNu
dC5jb20wWzANBgkqhkiG9w0BAQEFAANKADBHAkAaqnlc+1KvW1BD/1Ey20HUKHyLmwoDWt90H/Lg
7yi7AuEe+wIUgiKS2pqnIbMAEb3LhK3WGKwO4h4xbqS3izFFAgMBAAEwDQYJKoZIhvcNAQEEBQAD
QQAFy1+LXlJllvVlciRFauoWiB4cpAWd5urAiHalIDXIe8Q7JwNbAE7p/YhrJzV5h1rLUqrXeFVE
MAgYk/29T64A
-----END CERTIFICATE REQUEST-----
Start the certificate request process
To submit the CSR to WoSign for processing you should start the certificate enrollment process.