How to create certificates for a server
For creating certificates for a server, first a Certificate Signing Request (CSR) file is created. It is then signed by the Certificate Authority (CA). Renate will take care of the “signing” part via a self-service portal. Post approval, the Certificate and Interim certificate download links will be sent to us. We need to download those certificates and need to configure the conf files correctly in the Apache HTTP server.
On our side, we need to generate CSR file, we need to run the openssl command as show in the example below. This will work in both MAC OS and Linux. This will output Key file and CSR file. You need to mail Renate the CSR file.
openssl req -nodes -newkey rsa:2048 -keyout rime.asu.edu.key -out rime.asu.edu.csrOnce you run this command, it will ask for few details. We need to fill in the details as shown in the example below.
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:AZ Locality Name (eg, city) []:Tempe Organization Name (eg, company) [Internet Widgits Pty Ltd]:ASU Organizational Unit Name (eg, section) []:SoMSS Common Name (e.g. server FQDN or YOUR name) []:rime.asu.edu Email Address []:renate@asu.edu
Please hit enter for the following ‘extra’ attributes:
A challenge password []: An optional company name []:
NOTE:
- No need to provide challenge password or optional company name, to skip just press enter.
- The above example is for rime.asu.edu server. Please replace the domain name as per your requirement. BE CAREFUL WITH THE DOMAIN NAMES.
Thank you