Create CSR (Certificate Signing Request) for Digital Certificate

Issue #

  • We need assistance to create the CSR for Digital Signature for the OpenIT Core server. This is as requested by the Windows server – Security Team to generate a Digital Certificate for https.
  • Customer uses https for their Windows Core Server due to vulnerabilites

Environment #

  • Windows Core Server

    1264 1283 1306 1320 1337

Resolution #

  • Send the attached openssl.cnf to the customer and run this command:
    openssl req -new -key server.key -out server.csr -config /path-to/openssl.cnf

Overview #

  • What certificate is Open iT using?
    OpeniT uses a self-sign certificate. This means every browser that will connect to the server will see the error unless the certificate is already expired.  Please see the example below to guide you in checking.  It assumes default installation and openssl is installed.  Check your Apache configuration (/var/opt/openit/etc/httpd/httpd.conf) for the exact location.
    #openssl verify /var/opt/openit/etc/httpd/ssl.crt/server.crt