Openssl req -out csr.csr -key /nsconfig/ssl/existing_key.key -new -sha256 -config /etc/nsssl. To make sure the extensions added to the CSR using -addext are really added to the signed certificate you have to enable copyextensions copy in /etc/ssl/openssl.cnf hfmanson Apr 25 at 7:28 Add a comment 156 Based on link from DarkLighting, heres the command I came up with using nested subshells. Generate the CSR code and Private key for your certificate by running this command: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out servercsr.txt Note: server.key and servercsr. If you compare the output from openssl req -in yourcsr. However, if you want to use an existing key, then use the following command: The preceding article helps you in generating the CSR by creating a new key. Use the following command to verify if the CSR created is openssl req -text -noout -in test.csr | grep 'Signature Algorithm' You can create this file on NetScaler using the VI editor or any other editor.ĮmailAddress = the openssl.cnf file to the /nsconfig/ssl directory.īrowse to the /nsconfig/ssl directory and execute the following command to create a Key and openssl req -out test.csr -config openssl.cnf -new -newkey rsa:2048 -nodes -keyout test.key Modify the entries according to the requirement. ![]() Complete the following steps to generate SHA2 CSR on NetScaler using OpenSSL:Ĭreate a custom configuration file named openssl.cnf.
0 Comments
Leave a Reply. |