Generate a certificate-signing request by using the OpenSSL tool for Windows.
- Install the OpenSSL tool. See http://www.openssl.org for information about obtaining the OpenSSL tool.
- Edit the openssl.cfg file to add additional required parameters. Make sure the
[req]section has the req_extensions parameter defined.
[req] . . req_extensions=v3_req #
- Add an appropriate Subject Alternative Name entry for the hostname or IP address of your server, for example server-01.loginsight.domain. You cannot specify a pattern for the hostname.
[v3_req] . . subjectAltName=DNS:server-01.loginsight.domain #subjectAltName=IP:10.27.74.215
- Create a folder to save your certificate files, for example C:\Certs\LogInsight.
- Open a Command Prompt and run the following command to generate your private key.
C:\Certs\LogInsight>openssl genrsa -out server.key 2048
- Create a certificate signing request by running the following command.
C:\Certs\LogInsight>openssl req -new -key server.key -out server.csrNote: This command runs interactively and asks you a number of questions. Your certificate authority will cross check your answers. Your answers must match the legal documents regarding the registration of your company.
- Follow the onscreen instructions and enter the information that will be incorporated into your certificate request.
Important: In the Common Name field, enter the hostname or IP address of your server, for example mail.your.domain. If you want to include all subdomains, enter *your.domain.
Your certificate signing request file server.csr is generated and saved.