Generate a Certificate Request
- In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
- Select the Server Certs tab, and click the Request button. This opens the Certificate Request Wizard.
- Click Next.
- Enter the Requester Information in the blank text fields, then click Next.
  - Server Name. Enter the fully qualified hostname of the Directory Server as it is used in DNS and reverse DNS lookups; for example, dir.example.com. The server name is critical for client-side validation to work, which prevents man-in-the-middle attacks.
  - Organization. Enter the legal name of the company or institution. Most CAs require this information to be verified with legal documents such as a copy of a business license.
  - Organizational Unit. Optional. Enter a descriptive name for the organization within the company.
  - Locality. Optional. Enter the company's city name.
  - State or Province. Enter the full name of the company's state or province (no abbreviations).
  - Country. Select the two-character abbreviation for the country's name (ISO format). The country code for the United States is US.
- The Next button is grayed out until a password is supplied.
- The Request Submission dialog box provides two ways to submit a request: directly to the CA (if there is one internally) or manually. To submit the request manually, select Copy to Clipboard or Save to File to save the certificate request, which is then submitted to the CA.
- Click Done to dismiss the Certificate Request Wizard.
After the certificate request is generated, send it to a certificate authority (CA); the CA will generate and return a server certificate.
After emailing the certificate request, wait for the CA to respond with the server certificate. Response time for requests varies. For example, if the CA is internal to the company, it may take only a day or two to respond to the request. If the selected CA is a third party, it could take several weeks to respond to the request.
- Most certificate requests are emailed to the CA, so open a new message.
- Copy the certificate request information from the clipboard or the saved file into the body of the message.
- Send the email message to the CA.
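Request text pasted into a mail message can lose a wrapped line or have its BEGIN/END markers altered, which leaves the CA with a request it cannot parse. The check below is an added example, not part of the original procedure or of Directory Server; `check_request_text` and `build_sample` are hypothetical names, and the sample is constructed filler rather than a real request. It checks only the framing and the outer DER length, not the request's signature or subject.

```python
import base64
import re

# PKCS#10 requests are seen with either label ("NEW " is optional).
PEM_RE = re.compile(
    r"^-----BEGIN (NEW )?CERTIFICATE REQUEST-----\s+(.*?)\s+"
    r"-----END (NEW )?CERTIFICATE REQUEST-----$",
    re.DOTALL,
)


def check_request_text(text):
    """Return (ok, reason) for request text copied out of a message draft or file."""
    m = PEM_RE.match(text.strip())
    if m is None or m.group(1) != m.group(3):
        return False, "BEGIN/END lines missing, altered or mismatched"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "body is not clean base64"
    # The request is a single DER SEQUENCE: tag 0x30 followed by its length.
    if len(der) < 2 or der[0] != 0x30:
        return False, "decoded data is not a DER SEQUENCE"
    if der[1] < 0x80:                      # short form: length in one byte
        header, declared = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False, "malformed DER length field"
        header, declared = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + declared != len(der):
        return False, "DER length mismatch: text was truncated or padded"
    return True, "framing and length are consistent"


def build_sample():
    """Constructed sample: a DER SEQUENCE of filler bytes, not a real request."""
    payload = bytes(range(200))
    b64 = base64.b64encode(b"\x30\x81" + bytes([len(payload)]) + payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN NEW CERTIFICATE REQUEST-----", *lines,
                      "-----END NEW CERTIFICATE REQUEST-----"])


if __name__ == "__main__":
    sample = build_sample()
    print(check_request_text(sample))
    # Simulate a mail client dropping one wrapped line of the body.
    kept = sample.split("\n")
    print(check_request_text("\n".join(kept[:3] + kept[4:])))
```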
After receiving the certificate, install it in the Directory Server's certificate database. When the CA sends a response, be sure to save the information in a text file. The certificate must be available to install in the Directory Server.
Also, keep a backup of the certificate data in a safe location. If the system ever loses the certificate data, the certificate can be reinstalled using the backup file.