Certificate Request Instructions

Procedure to enroll for an InCommon TLS certificate:

https://vt4help.service-now.com/sp?id=kb_article&sys_id=2001adbb1b5161900aac64ea234bcb4d

CSR (Certificate Signing Request) Instructions

The method used for generating a CSR varies depending on the application which will be using the web server certificate. Please follow the directions provided with your application software to generate a CSR.

For InCommon TLS certificates, you must specify the CN on the CSR that you generate. All other attributes may be left at the default value.

If you are using OpenSSL, please refer to the following OpenSSL instructions for an example on generating a CSR.

OpenSSL Instructions for Generating keypair and CSR

For RSA private key:

You must specify your key size to be at least 2048 bits. This command will prompt you to enter a pass phrase to encrypt the private key.

$openssl genrsa -aes256 -out private.key 2048

For EC private key:

You must specify your key size to be at least 256 bits. This command will prompt you to enter a pass phrase to encrypt the private key.

$openssl ecparam -name prime256v1 -genkey |openssl ec -aes256 -out private.key

Next, type the following command to generate a certificate signing request (CSR):

$openssl req -new -key private.key -out server.csr -subj "/DC=edu/DC=vt/CN=YOUR CN HERE"

Important: Be sure to keep all the files created in the above procedure in a safe place.

For more information on using openssl see the Manual page for the openssl command line tool.