首页>技术支持>SSL证书请求文件(CSR)生成指南 - CNT Web Integrator

SSL证书请求文件(CSR)生成指南 - CNT Web Integrator

To generate a CSR for CNT Web Integrator follow the instructions below:

Step 1: Prepare to Run the Certificate Management Utilities

CNT provides the following certificate management utilities:

rsakey

csr

csrparse

x509parse

pem2der

Before you run the Certificate Management utilities, enter the following from /webint_phaos/cm in the software installation directory:

For Windows NT, enter:

set CLASSPATH=.:install_dir\webint_phaos\classes\crysec.zip;

java_install_dir\lib\classes.zip;

For UNIX (Bourne shell), enter:

export CLASSPATH=.:install_dir/webint_phaos/classes/crysec.zip;

java_install_dir/lib/classes.zip:

Note that install_dir is the software installation directory and java_install_dir is the JDK installation directory.

Step 2: Generate an RSA Key

Use the rsakey utility to generate an RSA key. By default, the key is output in password-protected PKCS5-encoded PKCS8 format to the file enc-server-key.der.

The rsakey utility prompts you for a password phrase. Make sure that you remember your password. You will need it when you start the Web Integrator Server. If you forget your password, you will need to generate a new certificate.

Note: The rsakey utility may take more than a minute to generate a key, even if you are using a JIT compiler.

The rsakey utility is described as follows:

Syntax

java rsakey [params]

Parameters

-f key file

Specifies the name of the file to which the key is output.

Default: enc-server-key.der

-c

Indicates that you want to output the key file in PKCS1 format, which is not password-protected.

If you use this parameter, the key is output to the file server-key.der, which is a DER-encoded (Distinguished Encoding Rules encoded) binary file.

If you use this parameter and do not password-protect your key file, make sure that you store your key in a file that is accessible only to the Web Integrator Server administrator.

-e publicExp

The public exponent.

Default: 65537

-n bits

The key length in bits.

Default: 512

-d

Indicates that you want to display the key.

-help

Displays the parameters and their descriptions.

Example

% java rsakey

generate p

generate q

Enter password phrase: Test Server

Note: Make sure that you remember the password and that you save the output key file enc-server-key.der.

NOTE: Please backup your private key and write the password down in a safe place. Your certificate will not work without this private key.

Step 3: Build a Certification Request

Parameters

-k key file

The key file name.

Default: enc-server-key.der

-d

Indicates that you want to output the Certificate Submission Request (CSR) in DER format.

If you do not use this parameter, the CSR is output in BASE64-encoded Privacy Enhanced Mail (PEM) format to the file server-csr.pem.

-o csr file

Specifies the name of the file to which the CSR is output.

Default: server-csr.pem

-help

Displays the parameters and their descriptions.

Example

% java csr

Enter password to enc-server-key.der: Test Server

Enter Country name [US]:

Enter State name: Massachusetts

Enter Locality name: Westborough

Enter Organization name: CNT

Enter Organization Unit name [Brixton Web Integrator]:

Enter Common name (e.g., host.cnt.com): bass.cnt.com

Enter E-mail Address: tech_support@cnt.com

Done.

Your Certification Request is in server-csr.pem

The output file from this example is as follows:

% cat server-csr.pem

-----BEGIN CERTIFICATE REQUEST-----

MIIBWzCCAQUCAQAwgaIxFTATBgNVBAMWDGJhc3MuY250LmNvbTELMAkGA1UEBhYCVVMxFDASBgNV BAcWC1dlc3Rib3JvdWdoMRYwFAYDVQQIFg1NYXNzYWNodXNldHRzMQwwCgYDVQQKFgNDTlQxGzAZ BgNVBAsWEkNOVCBXZWIgSW50ZWdyYXRvcjEjMCEGCSqGSIb3DQEJARYUdGVjaF9zdXBwb3J0QGNu dC5jb20wWzANBgkqhkiG9w0BAQEFAANKADBHAkAaqnlc+1KvW1BD/1Ey20HUKHyLmwoDWt90H/Lg 7yi7AuEe+wIUgiKS2pqnIbMAEb3LhK3WGKwO4h4xbqS3izFFAgMBAAEwDQYJKoZIhvcNAQEEBQAD QQAFy1+LXlJllvVlciRFauoWiB4cpAWd5urAiHalIDXIe8Q7JwNbAE7p/YhrJzV5h1rLUqrXeFVE MAgYk/29T64A

-----END CERTIFICATE REQUEST-----

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里

测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.