User`s guide
Administering Security Certificates for HTTPS and SSH on the OnSite
526
AlterPath OnSite Administrator’s and User’s Guide
T To Obtain an Signed Certificate From a
Certificate Authority
Before performing this procedure, generate a private key Also see http://
pki-page.org for a list of official CAs, if needed.
Make sure that the /etc/openssl.cnf file exists and has been configured
properly. You can do one of the following:
• Download the file from the Internet.
• Copy the contents of the file in Figure 8-1.
Note: How to generate the private key is outside the scope of this document.
See OpenSSL documentation available on the Internet for more information.
1. Log into the OnSite console as root.
2. Use openssl with the req parameter to create a CSR (certificate
signing request).
Use the command line shown in the following screen example, replacing
private_key.pem with the name of the file that contains the private key.
Note: The command line in the screen example is broken into two lines
because of space limitations. You can either enter the whole command on one
line or include a backslash (\) as shown to tell the shell that the command
continues on the following line.
The /etc/openssl.cnf must be in /etc directory. The openssl utility prompts
for the required information shown in the following table. Any other
requested information is not required.
[root@OnSite /]# openssl req -new -nodes -key \
private_key.pem -out cert.csr -config /etc/openssl.cnf
Prompt What You Enter
Country Name (2 letter code) [AU]: Refer to the
ISO-3166 two-letter country code list if
you do not know your country code.
The country code consisting of two letters.