Restriction: This topic applies only when the Enterprise Server feature is enabled.
Prerequisites
Before you request a certificate, you must:
- Install Micro Focus Demo CA. The installer for this is supplied with
Visual COBOL, and by default is
DemoCAAddPack_50.sh in
$COBDIR/DemoCA.
In this section, you ask the certifying authority (CA) for a server certificate. As the server owner you create a private
key and a public key. The public key is created in a certificate request (usually called a Certificate Signing Request, CSR)
that you would send to the CA.
With a commercial CA, you would typically contact them first, learn about what types of certificates they supply, and find
out their prices, terms and conditions.
- With administrative privileges, run the batch utility
create_srv_req.cmd, located in
/opt/microfocus/DemoCA or
$COBSSL (if set) by default.
The batch file creates a public/private key pair for your server, and creates a certificate request with the public key, to
send to the CA.
The private key is generated first and is stored in
srvkey.pem.
- At the prompt, enter a pass phrase. Use a pass phrase that is easy for you to remember and yet hard for others to guess, for
example:
open sesame You must supply this pass phrase to access your server's private key. You are prompted to confirm the pass phrase.
- The utility prompts you for the following details. These default to the values that you entered when you installed Micro Focus
Demo CA:
- Country Name
- State or Province
- Locality
- Organization Name
- Organizational Unit
- Common Name
For example, you can enter something like:
Country Name: US
State or Province Name: California
Locality Name: Palo Alto
Organization Name: Bloggs Widgets Inc
Organizational Unit Name: Marketing
Common Name: svr-blogw
Email Address: bloggs@widgets.com
The details you enter are included in your server certificate to identify you.
- At the
A challenge password prompt, press
Enter to ignore it. You can specify a pass phrase to protect your public certificate, but since it is a public certificate, it
is seldom appropriate to protect it in this way.
- Press
Enter at the next prompt also.
- When the batch file finishes, confirm that the following were created in the installation directory:
- In a real case you would now send
srvcertreq.csr to the CA.