application commands
security certificate generate-csr
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
Generate a Digital Certificate Signing Request
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command generates a digital certificate signing request and displays it on the console. A certificate signing request (CSR or certification request) is a message sent securely to a certificate authority (CA) via any electronic media, to apply for a digital identity certificate.
Parameters
-common-name <FQDN or Custom Common Name>- FQDN or Custom Common Name-
This specifies the desired certificate name as a fully qualified domain name (FQDN) or custom common name or the name of a person. The supported characters, which are a subset of the ASCII character set, are as follows:
-
Letters a through z, A through Z
-
Numbers 0 through 9
-
Asterisk (*), period (.), underscore (_) and hyphen (-)
The common name must not start or end with a "-" or a ".". The maximum length is 253 characters.
-
[-size <size of requested certificate in bits>]- Size of Requested Certificate in Bits-
This specifies the number of bits in the private key. The higher the value, the more secure is the key. The default is 2048. Possible values include
512,1024,1536and2048. [-country <text>]- Country Name-
This specifies the country where the Vserver resides. The country name is a two-letter code. The default is US. Here is the list of country codes:
Country Codes [-state <text>]- State or Province Name-
This specifies the state or province where the Vserver resides.
[-locality <text>]- Locality Name-
This specifies the locality where the Vserver resides. For example, the name of a city.
[-organization <text>]- Organization Name-
This specifies the organization where the Vserver resides. For example, the name of a company.
[-unit <text>]- Organization Unit-
This specifies the unit where the Vserver resides. For example, the name of a section or a department within a company.
[-email-addr <mail address>]- Contact Administrator's Email Address-
This specifies the email address of the contact administrator for the Vserver.
[-hash-function <hashing function>]- Hashing Function-
This specifies the cryptographic hashing function for signing the certificate. The default is SHA256. Possible values include
SHA1,SHA256andMD5.
Examples
This example creates a certificate-signing request with a 2048-bit private key generated by the SHA256 hashing function for use by the Software group in IT at a company whose custom common name is www.example.com , located in Sunnyvale, California, USA. The email address of the contact administrator who manages the Vserver is web@example.com .
cluster1::> security certificate generate-csr -common-name www.example.com -size 2048 -country US -state California -locality Sunnyvale -organization IT -unit Software -email-addr web@example.com -hash-function SHA256 Certificate Signing Request : -----BEGIN CERTIFICATE REQUEST----- MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci 2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw== -----END CERTIFICATE REQUEST----- Private Key : -----BEGIN RSA PRIVATE KEY----- MIIBOwIBAAJBAPXFanNoJApT1nzSxOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJb mXuj6U3a1woUsb13wfEvQnHVFNci2ninsJ8CAwEAAQJAWt2AO+bW3FKezEuIrQlu KoMyRYK455wtMk8BrOyJfhYsB20B28eifjJvRWdTOBEav99M7cEzgPv+p5kaZTTM gQIhAPsp+j1hrUXSRj979LIJJY0sNez397i7ViFXWQScx/ehAiEA+oDbOooWlVvu xj4aitxVBu6ByVckYU8LbsfeRNsZwD8CIQCbZ1/ENvmlJ/P7N9Exj2NCtEYxd0Q5 cwBZ5NfZeMBpwQIhAPk0KWQSLadGfsKO077itF+h9FGFNHbtuNTrVq4vPW3nAiAA peMBQgEv28y2r8D4dkYzxcXmjzJluUSZSZ9c/wS6fA== -----END RSA PRIVATE KEY----- Note: Please keep a copy of your certificate request and private key for future reference.