Apply for a Digital Identity Certificate (Certificate Signing Request)

Terms used:

  • private key - a secret key known only to the owner, used with an algorithm to encrypt/decrypt data

  • key pair - private key and its associated certificate chain

  • distinguished name - the identifying information in a certificate. A certificate contains DN information for both the owner / requester of the certificate (called the Subject distinguished name) and the CA that issued the certificate (called the Issuer distinguished name)

  • X.509 certificate - a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user

Before creating a Certificate Signing Request (CSR), the applicant first generates a key pair, keeping the private key secret. The CSR contains information that identifies the applicant (such as a distinguished name in the case of an X.509 certificate), and the request must be signed using the applicant’s private key. The CSR also contains the applicant’s chosen public key.

How to create a CSR using KeyStore Explorer

To create a CSR you will create a key pair and then generate a certificate request. If you do not need to update certificate information, you can skip creating the key pair and proceed to generating the certificate request.

  • Create a new key pair

    1. From the Tools menu, select Generate Key Pair.

    2. On the Generate Key Pair dialog box, enter the algorithm information and certificate details. Click OK.

    3. Specify the relevant alias (servlet-engine) and default password (changeit).

  • Generate a certificate request

    1. Select the key pair you just created.

    2. From the right-click menu, select Generate CSR.

    3. Browse to the file location where you want to generate the CSR and enter the file name. Click OK.

How to create a CSR using Java Keytool

  • Create Key Pair (replace the dname parameter with your own) in the sessionserver/etc folder:

       ..\..\java\bin\keytool.exe -genkeypair -dname "CN=hacloud-1.microfocus.com, O=Micro Focus, C=US" -alias servlet-engine -keyalg RSA -keysize 2048 -keystore keystore.bcfks -validity 1095 -storetype bcfks -storepass changeit -keypass changeit -providername BCFIPS -providerpath ../lib/bc-fips-*.jar -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
    
  • Generate Certificate Request:

       ..\..\java\bin\keytool.exe -certreq -alias servlet-engine -keystore keystore.bcfks -file cert_request.csr -ext ExtendedkeyUsage=serverAuth -storetype bcfks -storepass changeit -providername BCFIPS -providerpath ../lib/bc-fips-*.jar -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
    
    After you receive the certificate from the CA, you will import the certificate into Host Access for the Cloud.
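
Before cert_request.csr is sent to the CA, the properties described on this page (the signature made with the applicant's private key, the key size, the Subject distinguished name and the requested serverAuth usage) can be checked. The following is an added example, not part of the product documentation: it assumes Python with the third-party `cryptography` package, and the sample request, its subject `host.example.test` and the helper names `check_csr`, `make_sample_csr` and `corrupt_signature` are constructed for illustration.

```python
"""Pre-submission checks on a PEM CSR. Added example; needs the `cryptography` package."""
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

PEM, DER = serialization.Encoding.PEM, serialization.Encoding.DER

def check_csr(pem, min_rsa_bits=2048):
    """Return a list of findings for a PEM CSR; an empty list means it passed."""
    csr = x509.load_pem_x509_csr(pem)
    findings = []
    # Proof of possession: the signature must verify under the embedded public key.
    if not csr.is_signature_valid:
        findings.append("signature does not verify against the embedded public key")
    key = csr.public_key()
    if isinstance(key, rsa.RSAPublicKey) and key.key_size < min_rsa_bits:
        findings.append(f"RSA key is {key.key_size} bits, expected at least {min_rsa_bits}")
    if not csr.subject.get_attributes_for_oid(NameOID.COMMON_NAME):
        findings.append("subject distinguished name has no CN")
    try:  # The keytool command on this page requests ExtendedKeyUsage=serverAuth.
        eku = csr.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        if ExtendedKeyUsageOID.SERVER_AUTH not in eku:
            findings.append("ExtendedKeyUsage does not include serverAuth")
    except x509.ExtensionNotFound:
        findings.append("no ExtendedKeyUsage extension in the request")
    return findings

def make_sample_csr(bits=2048, eku=True):
    """Constructed sample standing in for cert_request.csr (hypothetical subject)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    builder = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, "host.example.test"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Org"),
        x509.NameAttribute(NameOID.COUNTRY_NAME, "US"),
    ]))
    if eku:
        builder = builder.add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]), critical=False)
    return builder.sign(key, hashes.SHA256()).public_bytes(PEM)

def corrupt_signature(pem):
    """Flip one bit in the last signature byte to simulate a damaged request."""
    der = bytearray(x509.load_pem_x509_csr(pem).public_bytes(DER))
    der[-1] ^= 0x01
    return x509.load_der_x509_csr(bytes(der)).public_bytes(PEM)

if __name__ == "__main__":
    print(check_csr(make_sample_csr()), check_csr(make_sample_csr(1024, eku=False)))
```

To check a real request, read cert_request.csr as bytes and pass it to `check_csr`; any finding returned should be resolved before the request goes to the CA.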