Wednesday, April 20, 2016

[389-users] Create Certificate Signing Request File


I need to create certificate signing request file that can be sent to certificate authority vendors, like GoDaddy, etc. I have two questions:

1) The certutil command line output a CSR file which has different format than the CSR file generated using 389-console the GUI. The main difference is that the certutil command line generates something like:

Certificate request generated by Netscape certutil
Phone: xxx-xxx-xxxx

Common Name: ....
Email: (not specified)
Organization: my organization
State: ...
Country: US

Following above, it's the "BEGIN NEW CERTIFICATE" section.

However, if it's GUI, only "BEGIN NEW CERTIFICATE" section is there.

Why the two methods generates output file different? Will it be ok to just use certuti command output with "BEGIN NEW CERTIFICATE" section to send to vendor?

2) Do I also need to create certificate signing request file for each admin server? Will that be the same procedure for the directory server instance?

- xinhuan
389-users mailing list

No comments:

Post a Comment