...
The first step is to generate a certificate signing request (CSR) using a private key, and to send that CSR to an SSL/TLS vendor. This step can be performed using either `openssl` or `keytool`. The vendor will in turn provide a certificate for the requested fully-qualified domain name (FQDN), and it may provide additional certificates for its root and intermediate CAs. The remote site should work with the vendor to concatenate all certificates together into one file, such that it would be possible to trace the chain of trust from the endpoint certificate all the way back to the root CA.
The next step is to extract the private key that was used to generate the CSR. If a utility such as `openssl` was used to generate the CSR, then a file containing the private key should already be present and this step is unnecessary. If, however, the site used `keytool` to generate the CSR, then the following commands should be run to extract the private key into a file called `private_key.pem`:
```
$ <insert command to transform keystore into pkcs12 first>
$ openssl pkcs12 -in shrine.keystore -nodes -nocerts -out private_key.pem
```
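Once `private_key.pem` exists, it is worth confirming that it really is the key behind the CSR that was sent to the vendor. The script below is an added example, not part of the original page: the FQDN `shrine.example.org`, the file names `site.csr`, `other_key.pem` and `other.csr`, and the helper function names are hypothetical, and the key/CSR pairs are generated on the spot as constructed sample data.

```shell
#!/bin/sh
# Added example: confirm an extracted private key belongs to a CSR.
# All file names and the FQDN below are constructed sample values.

# Print the public key (PEM) derived from a private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key (PEM) embedded in a CSR.
pubkey_of_csr() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Return 0 only if both files parse and carry the same public key.
# Return 2 if either file cannot be parsed, 1 if the keys differ.
key_matches_csr() {
    k=$(pubkey_of_key "$1") || return 2
    c=$(pubkey_of_csr "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Create a throwaway key + CSR pair (stand-in for the real site files).
make_sample() {  # $1 = key path, $2 = CSR path
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=shrine.example.org" 2>/dev/null
}

umask 077   # -nodes writes the key unencrypted; keep it owner-only
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_sample "$work/private_key.pem" "$work/site.csr"
make_sample "$work/other_key.pem"   "$work/other.csr"

if key_matches_csr "$work/private_key.pem" "$work/site.csr"; then
    echo "private_key.pem matches site.csr"
fi
if ! key_matches_csr "$work/other_key.pem" "$work/site.csr"; then
    echo "other_key.pem does NOT match site.csr"
fi
```

The same comparison works against the certificate the vendor returns by reading its public key with `openssl x509 -in <cert> -noout -pubkey` instead of `openssl req`.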
...