Specifications

Equalizer Installation and Administration Guide 175
6. Try connecting to the Cluster via HTTPS.
From a client browser, open https://cluster, where cluster is the network node name or IP
address of the HTTPS cluster. The browser may notify you that it is accepting a certificate from
the server and ask for confirmation. Once you accept the certificate, the server should ask for a
client certificate; your browser may ask you to choose one. After the client certificate is sent to
the server and accepted, the requested page should be displayed.
Generating a CSR and Getting It Signed by a CA
Most CA vendors provide a means of generating a Certificate Signing Request (CSR) on their
websites, and we recommend that you use the CA website to generate the CSR.
A CSR can also be generated using the OpenSSL tools on any system, including Windows. The
examples below were executed on a Windows system with the OpenSSL tools installed.
Note that only the most basic openssl command options are shown. See the openssl(1) and req(1)
manual pages at http://www.freebsd.org/cgi/man.cgi for more information. Many certificate
vendors also provide tools on their websites for entering a CSR.
Generating a CSR using OpenSSL
1. Navigate to an appropriate directory on your system, and create a new directory to hold your
CSR, certificate, and private key.
2. Generate the CSR by entering this command:
    openssl req -new -newkey rsa:1024 -out cert.csr
This begins an interactive session that generates a new private key, written to a file named
privkey.pem, and then the CSR, written to cert.csr. The key length you use (1024 in this
example) can be any multiple of 8. If you already have a private key, use -key filename
(instead of -newkey rsa:1024) to specify the file containing the private key.
After generating the private key, the following prompts are displayed (example responses
shown):
    Enter PEM pass phrase: <password>
    Verifying - Enter PEM pass phrase: <password>
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:New York
    Locality Name (eg, city) []:Millerton
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:CPS Inc.
    Organizational Unit Name (eg, section) []:Engineering
    Common Name (eg, YOUR name) []:mycluster.example.com
    Email Address []:admin@example.com
Make sure you remember the password you specify, as you will need it to install and use the
certificate.
For a server certificate, the Common Name provided must be the DNS-resolvable fully
qualified domain name (FQDN) used by the Equalizer cluster. When a client receives the
certificate from the server, the client browser will display a warning if the Common Name
does not match the hostname of the request URI.
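The following is an added example, not part of the Equalizer guide: a scripted form of the openssl req step above, followed by a check that the CSR verifies and carries the expected Common Name and key length before it is sent to a CA. It assumes a POSIX shell with openssl on the PATH; the function names, the KEY_PASS variable and the pass phrase are made up for the example.

```shell
#!/bin/sh
# Added example: scripted form of the guide's "openssl req" step plus a
# pre-submission check. Function names and KEY_PASS are assumptions.

# make_csr DIR FQDN BITS: writes DIR/privkey.pem (encrypted) and DIR/cert.csr.
# The pass phrase is read from the environment variable KEY_PASS so it does
# not appear on the command line.
make_csr() {
    subj="/C=US/ST=New York/L=Millerton/O=CPS Inc./OU=Engineering"
    subj="$subj/CN=$2/emailAddress=admin@example.com"
    openssl req -new -newkey "rsa:$3" -passout env:KEY_PASS \
        -keyout "$1/privkey.pem" -out "$1/cert.csr" -subj "$subj"
}

# csr_cn FILE: prints the Common Name stored in the CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# csr_bits FILE: prints the public key length in bits.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_csr FILE FQDN MIN_BITS: returns 0 only when the CSR's self-signature
# verifies, its Common Name equals FQDN, and the key has at least MIN_BITS.
# Return codes: 1 bad signature, 2 Common Name mismatch, 3 key too short.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR signature does not verify" >&2; return 1; }
    cn=$(csr_cn "$1")
    [ "$cn" = "$2" ] ||
        { echo "Common Name '$cn' is not '$2'" >&2; return 2; }
    nbits=$(csr_bits "$1")
    [ "${nbits:-0}" -ge "$3" ] ||
        { echo "key is ${nbits:-0} bits, need $3" >&2; return 3; }
}

# Demo with constructed values (the guide's sample answers, throwaway key).
# 2048 is used here because public CAs no longer sign 1024-bit RSA keys.
demo=$(mktemp -d)
KEY_PASS='constructed-pass-phrase'; export KEY_PASS
make_csr "$demo" mycluster.example.com 2048 &&
    check_csr "$demo/cert.csr" mycluster.example.com 2048 &&
    echo "cert.csr is ready to submit"
rm -rf "$demo"
```

A Common Name mismatch caught here is the same mismatch that would later produce the browser warning described above.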