Creating a certificate signing request file

A certificate signing request or CSR, is a file created by a web server that is sent to a certificate authority (CA) to enroll for a SSL certificate. We will use a public key infrastructure (PKI) to generate a key pair that will store the private part of our key within View's keystore. We will then provide the public key to our CA so that it may provide a SSL certificate (that has been digitally signed using the private key of the CA) that can then be configured with View.

Before we can generate a CSR file, we must first create a keystore to store our certificate. We will use the keytool to create this keystore:

1. Open the command prompt on your View server:
   Start >> Run >> CMD
   
   
2. Change directory to:
   'C:\Program Files\VMware\VMware View\Server\sslgateway\conf'
   
   

   Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator>cd \ C:\>cd "C:\Program Files\VMware\VMware View\Server\sslgateway\conf" C:\Program Files\VMware\VMware View\Server\sslgateway\conf>

   
   
3. Run the following command:
   'keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360'
   
   

   C:\Program Files\VMware\VMware View\Server\sslgateway\conf>keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360

   
   
4. You will be asked to enter a keystore password. It is important this password never be lost. If you loose this password, you will loose the ability to manage your keystore which will eventually require that you recreate a new keystore and certificate.
   
   

   Enter keystore password: MY_PASSWORD

   
   
5. When asked for your first and last name, enter the fully qualified domain name FQDN of your View server. DO NOT enter your name or the certificate you create will be invalid:
   
   

   What is your first and last name?[Unknown]: view.tcpdump.com

   
   
6. Answer the remaining questions to complete the creation of the keystore
   
   

   What is the name of your organizational unit?[Unknown]: IT What is the name of your organization?[Unknown]: TCPDump What is the name of your City or Locality?[Unknown]: Phoenixville What is the name of your State or Province?[Unknown]: PA What is the two-letter country code for this unit?[Unknown]: US Is CN=view.tcpdump.com, OU=IT, O=TCPDump, L=Phoenixville, ST=PA, C=US correct?[no]: yes Enter key password for (RETURN if same as keystore password):

   
   

Creating the Certificate Signing Request

We are now ready to create the certificate signing request. We will continue with the use of the keytool:

1. From the command prompt, enter the following:
   'keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12'
   
   

   C:\Program Files\VMware\VMware View\Server\sslgateway\conf>keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12 Enter keystore password: MY_PASSWORD

   
   
2. This will create a file called 'certificate.csr' in your working directory. You may now submit the 'certificate.csr' to a CA in accordance with their enrollment process requesting a certificate in PKCS7 format.
   
   

Comments

Add New Search

anurdh65  - SSL certificate |13/08/2009 05:18:59 Very Nice information. My friend bought the SSL certificate from http://www.tucktail.com/ but i dont know whether it is firmware or not. Reply | Quote

thirt |22/08/2009 19:41:35 Hi anurdh65, I'm not sure what you mean by firmware. Can you elaborate a bit more for me? Thanks, Tom Reply | Quote

Rashid Iqbal  - OWA not working in vmware after configuring the ss |29/06/2010 08:53:01 I install the ssl certificate for OWA. before installing the ssl I can access the owa for email but after installing the ssl certicate and trying to access the email through https://test.abc.com/exchange. getting error: the page cannot be displayed. I am doing all this in VMWare virtual machine. kindly help me to sort out this issue. Regards, Rashid Reply | Quote

Siddharth |27/12/2011 10:57:50 Hi, Somehow I am not able to make this work Used a go daddy cert and downloaded it as a tomcat server certificate as Vmware support suggests All steps work find while importing the certificate Once security server services are restarted I see the server only listening on http://*:80 Any clues Reply | Quote

MrSanchez |02/03/2012 13:10:38 Hi, Had a problem with go daddy certs too. What you need to do is convert the PEM certificate (.crt, .cer) to PKCS#7 format as mentioned above. I used the following website www.sslshopper.com to convert. When converting there will be an option for Chain Certificate File, it says optional but had to choose my gd_intermediate.crt. Reply | Quote

MrSanchez |02/03/2012 13:29:08 Hi All, I also had a problem with the locked.properties file. Had to create it in notepad and VMware support had me add the following line: storetype=pkcs12. So my file ended up looking like this: clientHost=viewservername.com clientPort=443 clientProtocol=https keyfile=keys.p12 keypass=MY_PASS storetype=pkcs12 Hope it helps someone. Thanks to the people running this website, came in very handy. Hasta la vista! Reply | Quote

GMTX |26/04/2012 15:10:52 Just one thing to add about generating the keystore. If you want more than 1024 bit keys (and these days you do), add the -keysize parameter to the command that generates the store, for example: keytool -genkey -keyalg "RSA" -keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360 Reply | Quote

Write comment
Name:
Email:	do not notifynotify
Website:
Title:
UBBCode:	-color-aquablackbluefuchsiagraygreenlimemaroonnavyolivepurpleredsilvertealwhiteyellow -size-tinysmallmediumlargehuge
	Please input the anti-spam code that you can read in the image.

!joomlacomment 4.0 Copyright (C) 2009 Compojoom.com . All rights reserved."