To Generate a Certificate Signing Request (CSR) from your SHRINE keystore

Please run the following command:

$ keytool -certreq -alias $KEYSTORE_ALIAS -keyalg RSA -file $KEYSTORE_ALIAS.csr -keypass $KEYSTORE_PASSWORD -storepass $KEYSTORE_PASSWORD -keystore $KEYSTORE_FILE

This will create a file called $KEYSTORE_ALIAS.csr .

The most common reason for rejection of a CSR is an invalid CN value. The CN of a certificate should match the publicly-accessible hostname of the machine that will use the certificate. Using other values can cause problems with verifying the identity of that host.

Check the CN of your CSR file before sending by running this command:

$ openssl req -in shrine-client.csr -subject -noout

Send the CSR file to the network hub administrator.

The hub administrator will review the CSR and check for validity. 

After the CSR is validated, the Hub administrator will sign the request and send back the signed certificate in the form of a $KEYSTORE_ALIAS.crt file. 

  • No labels