Using openssl on an AppGate server to make a Certificate Request for SSL

Description:

 

There are various methods that can be used to generate a Certificate Request for enrollment with a Certificate Authority (CA). One method is to use the openssl software that is already a part of the AppGate Security Server.

To generate the .csr file you first need a configuration file. Here is an example: fill in the req_distinguished_name section with your own details and save the whole file as ssl.cnf in /var/opt/appgate/local

# OpenSSL config file 

[ req ]
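# RSA key size in bits. Public CAs no longer accept keys shorter than 2048 bits.
# A size given with -newkey on the command line overrides this value.
default_bits = 2048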
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = self_extensions
req_extensions = req_extensions
string_mask = nombstr
prompt = no

[ req_distinguished_name ]
# countryName must be the two-letter ISO 3166 code (GB for the United Kingdom)
countryName = GB
stateOrProvinceName = Far Out Province
localityName = London

# The 0.organizationName is the company name
# You should enter the company name as it appears on your official company
# registration documents.
0.organizationName = Example Corp Inc

# The commonName should be the host name used in the URL
commonName = example-corp-ssl.example.com

[ req_attributes ]

[ req_extensions ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
keyUsage = critical,digitalSignature,keyEncipherment

[ self_extensions ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical,digitalSignature,keyEncipherment

Then you need to run the following:

cd /var/opt/appgate/local
openssl req -config ssl.cnf -new -newkey rsa:2048 -nodes -out example-corp.csr -keyout example-corp.key

Transfer the resulting .csr file and the .key file to your PC.

Use the .csr file to make your Certificate Request. When you have received the Certificate file you should upload it in the AppGate Console -> System Settings -> SSL -> Upload. The upload will also ask you for the .key file.

The .key file should be kept safely, as it contains the private key for your SSL function. Because the command above uses -nodes, the key is written to disk without a passphrase.
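
Before sending the .csr file to the CA, you can confirm that it verifies, that it belongs to the .key file you kept, and that the key is long enough. The script below is an added example, not part of the original article or of AppGate's software; the function names are hypothetical and the 2048-bit default minimum is an assumption that can be overridden with a third argument.

```shell
#!/bin/sh
# Added example (not AppGate code): sanity-check a CSR and its private key
# before the CSR is sent to the CA. Function names are hypothetical.

# SHA-256 of the DER-encoded public key embedded in a CSR.
csr_pubkey_hash() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a private key file.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# RSA modulus size in bits, parsed from the "Private-Key: (N bit...)" line.
key_bits() {
    openssl rsa -in "$1" -noout -text |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Usage: check_csr CSR KEY [MIN_BITS]
# Returns 0 if every check passes, 1 if the CSR self-signature is bad,
# 2 if the key does not match the CSR, 3 if the key is shorter than
# MIN_BITS (default 2048, an assumption about what the CA accepts).
check_csr() {
    csr=$1; key=$2; min_bits=${3:-2048}
    # Older openssl builds exit 0 even on a bad signature, so match the text.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify" >&2; return 1; }
    [ "$(csr_pubkey_hash "$csr")" = "$(key_pubkey_hash "$key")" ] ||
        { echo "private key does not match the CSR" >&2; return 2; }
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "RSA key is ${bits:-0} bits, below $min_bits" >&2; return 3; }
    chmod 600 "$key"                        # unencrypted (-nodes) key: owner-only
    openssl req -in "$csr" -noout -subject  # show the DN the CA will see
}

# Run the checks when called with file arguments, for example:
#   sh check_csr.sh example-corp.csr example-corp.key
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

The same check_csr call is useful again just before the upload step, to make sure the .key file you are about to supply is the one the certificate was issued for.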