Using OpenSSL to Make a Request for a Virginia Tech Certification Authority (VTCA) Server or Application Certificate

Article: vtkb2851.htm

Difficulty: Difficult

Time to Complete (minutes): 60

Last Updated: May 03, 2007

This knowledge base article is a work in progress. Please read the Draft Form Disclaimer below*

Question:

How do I use OpenSSL to make a request for a Virginia Tech Certification Authority (VTCA) server or application certificate?

Answer:

Note: To download and install the latest version of OpenSSL, refer to OpenSSL's Source Tarballs page (http://www.openssl.org/source/).

To create a Certificate Signing Request (CSR):

Download an OpenSSL Configuration File (http://www.computing.vt.edu/security_and_viruses/certificates/vtca_openssl.conf) that meets the requirements of the VTCA.
Note: Be sure to store the configuration file in the path of your openssl software.
Generate an RSA public key pair to the file server.key.
- If you want to encrypt your private key with a password, enter:
  $openssl genrsa -des3 -out server.key 2048
- If you do not want to encrypt your private key with a password, enter:
  $openssl genrsa -out server.key 2048
To create the PKCS#10 CSR in the file named req.pem using the key pair in the file named server.key, enter:
$openssl req -config vtca_openssl.conf -new -key server.key -out req.pem

Notes:

Be sure to either have openssl included in your path or use the absolute path to openssl. For example, in Windows, use \openssl\bin\openssl.
For details on using the openssl command line tool, refer to OpenSSL's Documents page (http://www.openssl.org/docs/apps/openssl.html).

*4Help believes the information contained in this solution to be correct and free from errors. However, this solution is still in draft form and may not be final or accurate. Use these instructions at your own risk. If you do find errors, please contact 4Help using the Help Request Form, making sure to include the filename listed at the top of the page.