Installation guide

Issuing a Certificate Manually

Acano solution: Deployment Guide R1.2 76-1006-06-K

Page 67

Appendix D Issuing a Certificate Manually

The instructions in this appendix are only required if you want to issue certificates signed by a

CA for any of the Acano solution components that require a certificate. (Instructions for creating

and installing self-signed certificates are in section 3.)

1. Sign in to the MMP and generate the private key and certificate signing request by typing:

pki csr <key/cert basename> <CN> [<OU> <O> <L> <ST> <C>]

where <key/cert basename> is a string identifying the new key and CSR (e.g. "webserver"

results in "webserver.key" and "webserver.csr" files)

<CN> is the commonName which should be on the certificate. The commonName must be

the DNS name for the server to be protected by SSL (for more information see

http://info.ssl.com/Article.aspx?id=10048). For example, if the website to be protected will be

https://server.mycompany.com, then enter server.example.com. Failure to do this will result

in browser certificate errors.

OU is Organizational Unit, O is Organization, L is Locality, ST is State and C is Country.

These parameters are optional.

2. Send the CSR to a Certificate Authority (CA) such as Verisign who will verify your identity

and issue a signed certificate, as follows:

a. Transfer the file to the CA.

b. Issue the following command in the command line management shell on the CA server

replacing the path and CSR name with your information:

certreq -submit -attrib "CertificateTemplate:WebServer"

<path\csr_filename>

For example:

certreq -submit -attrib "CertificateTemplate:WebServer"

C:\Users\Administrator\Desktop\certcsr.pem

c. After entering the command, a CA selection list is displayed similar to that below. Select

the correct CA and click OK.