CNT Web Integrator

To generate a CSR for CNT Web Integrator follow the instructions below: Step 1: Prepare to Run the Certificate Management Utilities CNT provides the following certificate management utilities: rsakey csr csrparse x509parse pem2der Before you run the Certificate Management utilities, enter the following from /webint_phaos/cm in the software installation directory: For Windows NT, enter: set CLASSPATH=.:install_dir\webint_phaos\classes\crysec.zip; java_install_dir\lib\classes.zip; For UNIX (Bourne shell), enter: export CLASSPATH=.:install_dir/webint_phaos/classes/crysec.zip; java_install_dir/lib/classes.zip: Note that install_dir is the software installation directory and java_install_dir is the JDK installation directory. Step 2: Generate an RSA Key Use the rsakey utility to generate an RSA key. By default, the key is output in password-protected PKCS5-encoded PKCS8 format to the file enc-server-key.der. The rsakey utility prompts you for a password phrase. Make sure that you remember your password. You will need it when you start the Web Integrator Server. If you forget your password, you will need to generate a new certificate. Note: The rsakey utility may take more than a minute to generate a key, even if you are using a JIT compiler. The rsakey utility is described as follows: Syntax java rsakey [params] Parameters -f key file Specifies the name of the file to which the key is output. Default: enc-server-key.der -c Indicates that you want to output the key file in PKCS1 format, which is not password-protected. If you use this parameter, the key is output to the file server-key.der, which is a DER-encoded (Distinguished Encoding Rules encoded) binary file. If you use this parameter and do not password-protect your key file, make sure that you store your key in a file that is accessible only to the Web Integrator Server administrator. -e publicExp The public exponent. Default: 65537 -n bits The key length in bits. Default: 512 -d Indicates that you want to display the key. -help Displays the parameters and their descriptions. Example % java rsakey generate p generate q Enter password phrase: Test Server Note: Make sure that you remember the password and that you save the output key file enc-server-key.der. NOTE: Please backup your private key and write the password down in a safe place. Your certificate will not work without this private key. Step 3: Build a Certification Request Parameters -k key file The key file name. Default: enc-server-key.der -d Indicates that you want to output the Certificate Submission Request (CSR) in DER format. If you do not use this parameter, the CSR is output in BASE64-encoded Privacy Enhanced Mail (PEM) format to the file server-csr.pem. -o csr file Specifies the name of the file to which the CSR is output. Default: server-csr.pem -help Displays the parameters and their descriptions. Example % java csr Enter password to enc-server-key.der: Test Server Enter Country name [US]: Enter State name: Massachusetts Enter Locality name: Westborough Enter Organization name: CNT Enter Organization Unit name [Brixton Web Integrator]: Enter Common name (e.g., host.cnt.com): bass.cnt.com Enter E-mail Address: tech_support@cnt.com Done. Your Certification Request is in server-csr.pem The output file from this example is as follows: % cat server-csr.pem -----BEGIN CERTIFICATE REQUEST----- MIIBWzCCAQUCAQAwgaIxFTATBgNVBAMWDGJhc3MuY250LmNvbTELMAkGA1UEBhYCVVMxFDASBgNV BAcWC1dlc3Rib3JvdWdoMRYwFAYDVQQIFg1NYXNzYWNodXNldHRzMQwwCgYDVQQKFgNDTlQxGzAZ BgNVBAsWEkNOVCBXZWIgSW50ZWdyYXRvcjEjMCEGCSqGSIb3DQEJARYUdGVjaF9zdXBwb3J0QGNu dC5jb20wWzANBgkqhkiG9w0BAQEFAANKADBHAkAaqnlc+1KvW1BD/1Ey20HUKHyLmwoDWt90H/Lg 7yi7AuEe+wIUgiKS2pqnIbMAEb3LhK3WGKwO4h4xbqS3izFFAgMBAAEwDQYJKoZIhvcNAQEEBQAD QQAFy1+LXlJllvVlciRFauoWiB4cpAWd5urAiHalIDXIe8Q7JwNbAE7p/YhrJzV5h1rLUqrXeFVE MAgYk/29T64A -----END CERTIFICATE REQUEST----- Goal: Generate CSR for CNT Web Integrator This applies to: (Includes, but not limited to): CNT Web Integrator SSL Web Server Certificate SGC SuperCert SSL123 Certificate Other