How to create a certificate request with openssl and sign CA

At this  knowledge base we’ll create  a Certificate Request (CSR) and we  perform sign  operation  on our CA server. I ‘ll  explain  all steps  for Windows  servers.  Let’s  start what we  need first.

Step 1:Download  Binaries  

  • Download Openssl  binaries
    • You can get  it from the  Link. This link  contains  also  Apache  software  for Windows. You can  use only  Openssl from the source I added to  link.
  • Create  your  openssl.cnf file . I added  sample  openssl.cnf file which you can check  it. There  is some  configuration  that you need to  change.
    • change “dir”  where you install  openssl.exe
    • “DNS.1”    must changed  with  your  web site  Domain name.
    • Also  you can check other  configuration like  bits size, password, key type etc.

Step 2:  Start  batch Script 

You can  use this batch  script  to create  a  CSR and also  PEM file. Please  change  directory  path as  you wish. As  you see  you need to change  “OPENSSL_CONF” and  the certificate PATH “C:\Seritifika\Openssl\SHA2_Islemler”

This script will create  two files  which  named Casesup.pem and  Casesup.csr. Please save  both of them  then you ‘ll  use them  on your web sites. Certificate  expire  date sets  730 days and also we used  sha2.

You need to  type your  Web service  Domain  name, Country, State, Location, Organization  Name, Common name etc.

Step 3: Sign  your request with  Windows  CA

Connect  CA  server with web browser.

https://<yourserver>/certsrv

Step 4: Send Certificate  Request

cert

 

 

 

 

 

 

 

 

 

 

 

Step  5: Add CSR  to request

You need to add your  DNS  information to  attributes  tab. For example ;

san:dns=casesup.com&dns=support.casesup.com

cert2

 

 

 

 

 

 

 

 

 

 

Step 6: Connect  CA  server  and  approve  request

After  you submit  certificate request then  you can  righ click  issued certificate  under issued tab. Then export  it to  your desktop. And  now you are ready to deploy  certificate to your web site. You have  3 files. CSR,PEM and  signed  CRT.

Follow me

Abdurrahim

I'm a System Engineer with extensive experience and administration skills and works for Interbank Card Center Of Turkey.I provide hardware and software support for the following Unix/Linux and Windows platforms.(Oracle Solaris,HP-UX, Linux, IBM-AIX, Windows Servers)
Follow me
facebooktwittergoogle_pluslinkedinby feather

0