Introduction

The certificate signing request stores encoded information that is used to create an SSL certificate. A CSR can be generated using openssl or key tool

 

Generating a CSR using Openssl

Generate the CSR and private key using the following command and fill in the requested fields as specified.

            openssl req -out yourcsrname.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key –new –sha512

 The following fields must be populated with valid and verifiable information:

  • Common Name= FQDN of hosting server using standard notation. If you don’t have a common name you can use “your organization name”.com
  • Organization Name= Business Name as recognized by Safaricom
  • Locality= Region where the organization is located
  • State / Province= Province/County
  • Country = Country of registration of the organization(Two letters e.g. KE)
  • Minimum Key Size is = 4096 bits

N/B:

The private key (privateKey.key) will be stored in the same folder. You can save it to your preferred safe location. You will use it during the certificate installation.

Check for errors on csr before submitting for signing. (How To Check For Errors In CSR)

 

Generating a CSR using Keytool

a.  Create a new keystore and Key Pair while on elevated privileges.

           keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 4096

Proceed to fill in the details as below:

  • First & Last Name is the domain Name for SSL Certificates e.g. server.com
  • Organizational Unit e.g. a department
  • Organization e.g Safaricom
  • City / Locality e.g Nairobi
  • State / Province e.g Nairobi
  • Country Code e.g US (2 Letter Code)

b.   Confirm or reject the details by typing “Yes” or “No” and pressing Enter

c.   Generate a CSR based on the new keystore:

          keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr

d.   Check for errors before submitting your CSR for signing. (How To Check For Errors In CSR)

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation