Generate a certificate signing request by using the OpenSSL tool for Windows.
Download the appropriate installer for OpenSSL from http://www.openssl.org/related/binaries.html . Use the downloaded OpenSSL installer to install it on Windows.
Edit the openssl.cfg file to add additional required parameters. Make sure the
[req]section has the req_extensions parameter defined.
[req] . . req_extensions=v3_req #
Add an appropriate Subject Alternative Name entry for the hostname or IP address of your server, for example server-01.loginsight.domain. You cannot specify a pattern for the hostname.
[v3_req] . . subjectAltName=DNS:server-01.loginsight.domain #subjectAltName=IP:10.27.74.215
- Create a folder to save your certificate files, for example C:\Certs\LogInsight.
- Open a Command Prompt and run the following command to generate your private key.
C:\Certs\LogInsight>openssl genrsa -out server.key 2048
- Create a certificate signing request by running the following command.
C:\Certs\LogInsight>openssl req -new -key server.key -out server.csrNote:
This command runs interactively and asks you a number of questions. Your certificate authority will cross check your answers. Your answers must match the legal documents regarding the registration of your company.
- Follow the onscreen instructions and enter the information that will be incorporated into your certificate request.
In the Common Name field, enter the hostname or IP address of your server, for example mail.your.domain. If you want to include all subdomains, enter *your.domain.
Your certificate signing request file server.csr is generated and saved.