Creating a Certificate Request for a Certificate Authority

These instructions explain how to generate a certificate signing request using OpenSSL. Wavelink does not include OpenSSL with Avalanche or install it for you. You can find a version of OpenSSL that runs on Windows through the OpenSSL Web site.

Wavelink strongly recommends using a certificate signed by a certificate authority. Utilizing a certificate authority like Verisign tells clients that your server information was verified by a trusted source and is authentic.

If you plan to enroll Windows Phone 8 devices, do not create wildcard certificates.

Wavelink recommends that you backup all certificate files after you have implemented your certificate.

To generate a private key for the certificate:

1  From a command line, navigate to:

[OpenSSL installation directory]\bin

2  Use the command:

openssl genrsa -des3 -out privateKey.key 2048

3  At the prompt Enter pass phrase for privateKey.key, type a pass phrase. When prompted, re-enter the pass phrase. The pass phrase is arbitrary, but should be noted for future reference.

If you get a message that says "WARNING: can't open config file: /usr/local/ssl/openssl.cfg", you need to set the configuration file location. From the command prompt, use the following command:
set OPENSSL_CONF=[OpenSSL installation directory]\bin\openssl.cfg

If OpenSSL created the privateKey.key file anyway, delete it. Then repeat steps 2 and 3.

4  Use the command:

openssl req -new -key privateKey.key -out CACert.csr

5  At the prompts, enter all requested information. For the Common Name, provide the fully qualified domain name of the computer where you plan to install the certificate. The domain name used should be one that your company owns. Add a DNS entry if needed to resolve this computer.

An example of generating a CSR:

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Some-State]:Utah
Locality Name (eg, city) [Newbury]:Midvale
Organization Name (eg, company) [My Company Ltd]:Wavelink Corporation
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:avaself.wavelink.com
Email Address []:support@wavelink.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: avalanche
An optional company name []: Wavelink Corporation

When you apply to a certificate authority for an SSL web server certificate, you will need to submit the CACert.csr file that is generated by this process.

When sending the CSR to the certificate authority, request that the signed certificate be sent back as a PKCS #12 file. Before you use the certificate with Avalanche, you need to import the private key into the certificate file. For information about converting the certificate into PKCS #12 or importing the private key, see Converting a Certificate.

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other

© 2014 Wavelink Corporation. All Rights Reserved.