Previous Topic Next topic Print topic


Requesting a Server Certificate

In this section, you ask the certifying authority (CA) for a server certificate. As the server owner you create a private key and a public key. The public key is created in a certificate request (usually called a Certificate Signing Request, CSR) that you would send to the CA.

With a commercial CA, you would typically contact them first, learn about what types of certificates they supply, and find out their prices, terms and conditions.

  1. Run the batch utility create_srv_req.cmd, located in %ProgramFiles(x86)%\Micro Focus\DemoCA by default.

    The batch file creates a public/private key pair for your server, and creates a certificate request with the public key, to send to the CA.

    The private key is generated first and is stored in srvkey.pem.

  2. At the prompt, enter a pass phrase. Use a pass phrase that is easy for you to remember and yet hard for others to guess, for example: open sesame You must supply this pass phrase to access your server's private key. You are prompted to confirm the pass phrase.
  3. The utility prompts you for the following details. These default to the values that you entered when you installed Micro Focus Demo CA:
    • Country Name
    • State or Province
    • Locality
    • Organization Name
    • Organizational Unit
    • Common Name

    For example, you can enter something like:

    Country Name: US
    State or Province Name: California
    Locality: Palo Alto
    Organization Name: Bloggs Widgets Inc
    Organizational Unit Name: Marketing
    Common Name: [Press Enter to accept
    the server name value configured on installation.]
    Email Address: bloggs@widgets.com

    The details you enter are included in your server certificate to identify you.

  4. At the Enter an additional challenge password prompt, press Enter to ignore it. You can specify a pass phrase to protect your public certificate, but since it is a public certificate, it is seldom appropriate to protect it in this way.
  5. At the Unstructured Name prompt, press Enter to ignore.
  6. When the batch file finishes, confirm that the following were created in the installation directory:
    • Your server's private key in srvkey.pem. You can view this in a text editor.
    • Your public key in a certificate request file called srvcertreq.csr. The CSR file is formatted according to the PKCS #10 standard, and is informally known as a PKCS #10 file, P10 file, or CSR file. You can view this using the req as follows:
      openssl req -in srvcertreq.csr -text
  7. In a real case you would now send srvcertreq.csr to the CA.
Previous Topic Next topic Print topic