C.2 Creating Certificates for CIS using iManager

To create sample Server Certificate, Server Key, and CA Certificate files using iManager, complete the following steps:

  1. Create a temp folder.

  2. Generate a CSR (Certificate Signing Request) file.

    The sample csr_detail_file.txt file is as follows:

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    
    [ dn ]
    O= <Organization Name>
    CN= <Hostname or DNS Name>
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ alt_names ]
    DNS.1 = oes_doc.labs.wdc.acme.com
    IP = 192.168.0.1

    The attribute details are as follows:

    • CN: Host name of a gateway cluster resource.

    • DNS.<value>: DNS name of a gateway cluster resource.

      If DNS name is provided for Gateway Server Address during CIS configuration, ensure that the same DNS name is configured. For more information, see Configure CIS Services.

    • IP: IP address of the cluster gateway resource.

  3. Create the .csr file using the following command:

    openssl req -new -sha256 -nodes -out csrfilename.csr -newkey rsa:2048 -keyout serverkey.pem -config <csr_detail_file name>

  4. Perform the following steps to generate the public certificate:

    1. Go to iManager > NetIQ Certificate Server > Issue Certificate.

    2. Click Choose File to select the .csr file and click Next.

    3. Select Key type as SSL or TLS and Extended key usage as Server authentication and User authentication, then click Next.

    4. Select Certificate Type as End Entity and follow the wizard to continue.

    5. Click the Download the issued certificate link.

  5. Copy the generated server certificate to the temp folder.

  6. Convert the generated certificate from .der to .pem format.

    openssl x509 -inform der -in <.der file name> -out <servercert.pem>
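
The following is an added example, not part of the original procedure or the product: it checks that the subjectAltName entries from csr_detail_file.txt are present in the CSR and in the converted certificate, and that servercert.pem carries the same public key as serverkey.pem. The function names are hypothetical, and `make_sample` builds constructed test files in which a throwaway self-signed certificate stands in for the one iManager issues.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OES or iManager.

# san_line req|x509 FILE: print the subjectAltName value line of a CSR or certificate.
san_line() {
  openssl "$1" -in "$2" -noout -text | sed -n '/Subject Alternative Name/{n;p;}'
}

# has_san LINE ENTRY: succeed only if ENTRY is one complete SAN item on LINE.
has_san() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' | grep -Fqx "$2"
}

# key_matches_cert KEY CERT: succeed if both carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_sample DIR: constructed stand-in for steps 2 to 6. A throwaway
# self-signed certificate replaces the one iManager would issue.
make_sample() {
  cat > "$1/csr_detail_file.txt" <<'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
O = Example Org
CN = oes_doc.labs.wdc.acme.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = oes_doc.labs.wdc.acme.com
IP = 192.168.0.1
EOF
  openssl req -new -sha256 -nodes -out "$1/csrfilename.csr" -newkey rsa:2048 \
    -keyout "$1/serverkey.pem" -config "$1/csr_detail_file.txt" 2>/dev/null &&
  openssl x509 -req -in "$1/csrfilename.csr" -signkey "$1/serverkey.pem" -days 1 \
    -extfile "$1/csr_detail_file.txt" -extensions req_ext -outform der -out "$1/servercert.der" 2>/dev/null &&
  openssl x509 -inform der -in "$1/servercert.der" -out "$1/servercert.pem"
}
```

With the real files from the temp folder, run `has_san "$(san_line x509 servercert.pem)" "DNS:<DNS name>"` and `key_matches_cert serverkey.pem servercert.pem` after step 6; a non-zero exit status means the entry is missing or the key does not belong to the certificate.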