Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

How to generate a CSR Certificate Signing Request for Extreme Management Center Server and install it

« Go Back

Information

 
TitleHow to generate a CSR Certificate Signing Request for Extreme Management Center Server and install it
Objective
To generate a CSR or certificate signing request, often needed to give to a certificate authority.
To install a certificate on a linux based Extreme Manage Center Server and install 
Environment
Extreme Management Center
CSR
Certificates
 
Procedure
 

Generating a Server Private Key and Server Certificate

If you do not have a server private key and server certificate to use as a replacement, you can generate them using the instructions in the sections below. You will need to:

  1. Generate a server private key. It is recommended that you use OpenSSL to generate an RSA key.
  2. Create a Certificate Signing Request.
  3. Submit the request to a Certificate Authority or generate a self-signed certificate.

You can use the following steps regardless of whether you are using a commercial certificate authority or an in-house certificate authority.

Generate a Server Private Key

Use the following steps to generate an encrypted RSA private key.

  1. Enter the following command to use OpenSSL to generate a password-encrypted PKCS #8 formatted server private key file. Use the key size and output file name you prefer. (If you are unsure of the key size, use 2048.)
         openssl genrsa <key size> | openssl pkcs8 -topk8 -out <output file>

    For example:
     
    openssl genrsa 2048 | openssl pkcs8 -topk8 -out server.key
  2. You will be prompted for an Encryption Password. Be sure to make a note of the password that you enter. If the password is lost, you will need to generate a new server private key and a new server certificate.

use chmod 755 for the server.key otherwise you will get errors in next step

chmod 755 server.key
 


Create a Certificate Signing Request

Use the following steps to create a Certificate Signing Request (CSR).

  1. Enter the following command to generate a CSR file. Use the output file name you used in step 1 above as the input file, and specify the output file name you prefer:
         openssl req -new -key <input file> -out <output file>

    For example:
        
    openssl req -new -key server.key -out server.csr
  2. You will be prompted for information that will appear in the certificate. When you are prompted for a Common Name, specify the fully qualified host name of the NAC appliance. For example:
         Common Name (eg, YOUR name) []:nac1.mycompany.com

Submit the Request to a Certificate Authority

The procedure for submitting a CSR to a Certificate Authority (CA) varies with the service used. Usually, it is done through a website using a commercial service such as VeriSign. You can also use an in-house CA, which generates certificates used internally by your enterprise. You will provide information including the contents of the CSR, and receive back one or more files containing the server certificate and possibly other certificates to be used in a chain.
Sample output from full session.

openssl genrsa 2048 | openssl pkcs8 -topk8 -out server.key
openssl req -new -key server.key -out server.csr
chmod 777 server.key
openssl req -new -key server.key -out server.csr


To add certificate to the system:

  • For Java Client
  • Go to Tools->Server Information->Certificates
  • Click Update Server Certificate
  • Select Provision a private key and certificate from files
  • Select the server.key file, exported from server
  • Enter in password created during that process
  • Then Click Add Files and add in the .crt files that are needed.

User-added image
Server will need to be restarted to take effect.

For Web Client (use for 8.x and higher)
Select Administration->Certificates->Update Server Certificate
User-added image

  • Then you need to add your certificate files here, and server.key file as well.
  • Check off the password box and enter the password for server.key file.
  • Once done Click OK.

User-added image
Server will need to be restarted to take effect.



 

Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255