Creating an Application for a PKCS#10 Certificate
To create an application for a PKCS#10 certificate, you need a system (Unix, Linux) with an up-to-date OpenSSL installation.
Copy the configuration file for openssl to the Linux computer, comment out the following line and adjust it to your requirements (DNS entry of your server):
subjectAltName = DNS:x.y.tu-dresden.de
Then create the PKCS#10 file using the following command:
openssl req -new -config zih-generic-req.conf -newkey rsa:4096 -sha256 -keyout privkey.pem -outform PEM -out certreq.pem [-nodes]
or, if the existing private key from a previously completed certificate application is to be kept in use for the same server:
openssl req -new -config zih-generic-req.conf -key privkey.pem -keyform PEM -sha256 -outform PEM -out certreq.pem
The following dialogue will appear (example):
Generating a 4096 bit RSA private key
............................................................................................++
............++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Laendername (please do not change) [DE]:
Bundesland (please do not change) [Sachsen]:
Ortsbezeichnung (please do not change) [Dresden]:
Name der Organisation (please do not change) [Technische Universitaet Dresden]:
[ZIH]:Informatik
<Eindeutiger DNS-Name> []:test.inf.tu-dresden.de
<Ihre EMail-Adresse> []:.
Afterwards, you will find the new private key in the file privkey.pem and the PKCS#10 certification application in the file certreq.pem.
Enter the file certreq.pem under "PKCS#10 certification application (PEM-formatted file)" on the TU Dresden CA website at DFN:
https://pki.pca.dfn.de/dfn-pki/tu-dresden-g2-ca/0/certificates/new/pkcs10/1
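A pre-submission check for the certreq.pem produced above, as an added example that is not part of the original page: it verifies the request's self-signature, that the request belongs to privkey.pem, the key length, and that subjectAltName carries the intended DNS name instead of the template value. The function names, the script name check_csr.sh, the sample config and the 4096-bit default (taken from rsa:4096 in the command above) are assumptions of this example.

```bash
# Pre-submission checks for a PKCS#10 request (added example, not from the page).
# check_csr CSR KEY DNSNAME [MINBITS] returns 0 only if every check passes.
check_csr() {
    local csr="$1" key="$2" dns="$3" minbits="${4:-4096}" text bits
    text=$(openssl req -in "$csr" -noout -text) || { echo "unreadable CSR" >&2; return 1; }

    # 1. Self-signature: shows the file is intact and was signed with the matching key.
    #    Match on the message rather than relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR signature invalid" >&2; return 1; }

    # 2. The request must contain the public half of the key you will deploy.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "CSR does not match $key" >&2; return 1; }

    # 3. Key length as recorded in the request.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$minbits" ] || { echo "key is ${bits:-?} bit, want >= $minbits" >&2; return 1; }

    # 4. Exact subjectAltName match, so a leftover x.y.tu-dresden.de is caught.
    printf '%s\n' "$text" | grep -o 'DNS:[^,[:space:]]*' | grep -qFx "DNS:$dns" \
        || { echo "subjectAltName lacks DNS:$dns" >&2; return 1; }
}

# make_sample_csr DIR DNSNAME writes constructed test input (throwaway 2048-bit
# key, minimal config); it stands in for zih-generic-req.conf, which is not shown here.
make_sample_csr() {
    cat > "$1/sample.conf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $2
[ext]
subjectAltName = DNS:$2
EOF
    openssl req -new -config "$1/sample.conf" -newkey rsa:2048 -sha256 -nodes \
        -keyout "$1/privkey.pem" -out "$1/certreq.pem" 2>/dev/null
}

# Direct use: sh check_csr.sh certreq.pem privkey.pem test.inf.tu-dresden.de
if [ "$#" -ge 3 ]; then check_csr "$@"; fi
```

If privkey.pem was created without -nodes, step 2 asks for its passphrase.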