Creating a Certificate Signing Request (csr)

  1. To register a certificate, you need a valid configuration file such as the following one:
    [ req ]
    default_bits = 1024
    default_keyfile = keyfile.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    prompt = no
    output_password = bigfix
    [ req_distinguished_name ]
    C = US
    ST = California
    L = Emeryville
    O = BigFix
    OU = Development
    CN = Common
    emailAddress =
    [ req_attributes ]
    challengePassword = bigfix
  2. Replace Common with the fully qualified domain name of the Web Reports server.
  3. Create the certificate request cert.csr with the following command.
    openssl req -new -config "c:\mynewconfig.conf" > cert.csr
    This also generates the private key called keyfile.pem.
  4. Remove the password from the private key file keyfile.pem and generate a new private key (nopwdkey.pem) using the following command:
    openssl rsa -in keyfile.pem -out nopwdkey.pem