Wednesday, July 28, 2021
ECC CSR GENERATION WITH OPENSSL
Hello everyone, and welcome to another PKI404 blog post, this one about ECC CSR generation with OpenSSL. Let's start without further ado.
The first step is to list the available curves and select one that suits your usage:
openssl ecparam -list_curves
prime256v1 is fine.
Now follow the steps below.
If you have Apache server installed, you can go to Apache/bin and use the openssl tool there; otherwise download OpenSSL from the link below.
Download openssl - https://www.openssl.org/source/
Once downloaded, open a command prompt as administrator, go to openssl/bin and run the commands below.
1. At the prompt, type the following command to generate an ECC private key using the OpenSSL ecparam tool to generate your .key file:
openssl ecparam -out server.key -name prime256v1 -genkey
Where server is the name of your server.
Note: Recommended ECC key size is 256-bit. If greater encryption strength is required, your other private key option is secp384r1.
2. Save (backup) the generated .key file, making sure to note its location. This private key is required later for ECC SSL Certificate installation.
3. Next, type the following command to generate an ECC certificate signing request (CSR):
For Linux:
openssl req -new -key server.key -out server.csr -sha256
For Windows, run the command below from the openssl bin folder:
openssl req -new -key server.key -out server.csr -sha256 -config openssl.cnf
Make sure you copy the openssl.cnf file from the openssl directory to its bin folder (Windows only).
Where server is the name of your server.
4. As you are prompted, enter the following information:
For fields that are not required, you can enter '.' and those fields will be left blank.
Country Name (2 letter code) [AU]: IN
Type the two letter code for the country where your company is legally located.
State or Province Name (full name) [Some-State]: Delhi
Type the name of the state or province where your company is legally located.
Locality Name (eg, city) [ ]: New Delhi
Type the name of the city where your company is legally located.
Organization Name (eg, company) [PKI404 Pvt Ltd]: PKI404
Type your company's legally registered name.
Organizational Unit Name (eg, section) [ ]: IT
Type the name of the department within your organization that you want to appear on the ECC SSL Certificate.
Common Name (e.g. server FQDN) [ ]: www.pki404.com or *.pki404.com
Type the fully qualified domain name (e.g. www.example.com) for the site that you are securing.
Note: If you are generating CSR for a Wildcard SSL Certificate, your common name should start with an asterisk (e.g., *.example.com).
5. Now, open the .csr file with a text editor and copy the text of your CSR, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines, and paste it into the order form. This is how your CSR file looks:
-----BEGIN CERTIFICATE REQUEST-----
MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCSU4xDjAMBgNVBAgMBURlbGhpMRIwEAYD
...
-----END CERTIFICATE REQUEST-----
Check the CSR content
For Linux:
openssl req -in server.csr -noout -text
For Windows:
openssl req -in server.csr -noout -text -config openssl.cnf
[Screenshot: output in Windows]
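The key and CSR steps above can also be run non-interactively and the result checked before the CSR is sent to a CA. The script below is an added example, not part of the original post: the function names are hypothetical, the subject uses the post's sample values, and -noout, -subj and the umask are additions to the post's commands.

```shell
#!/usr/bin/env bash
# Added example. Function names are hypothetical; subject values are the post's samples.
set -eu

# make_ecc_csr <basename> <curve> <subject>: writes <basename>.key and <basename>.csr
make_ecc_csr() {
    # umask 077 so the private key is created readable by its owner only
    (umask 077; openssl ecparam -name "$2" -genkey -noout -out "$1.key")
    # -subj supplies the fields that step 4 enters at the prompts
    openssl req -new -key "$1.key" -sha256 -subj "$3" -out "$1.csr"
}

# SHA-256 of the DER-encoded public key inside a CSR / derived from a private key
csr_pubkey_sha256() {
    openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pubkey_sha256() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# check_csr <basename> <curve>: 0 = all good, 1 = bad self-signature,
# 2 = unexpected curve, 3 = CSR was not made from <basename>.key
check_csr() {
    openssl req -in "$1.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl req -in "$1.csr" -noout -text | grep -q "ASN1 OID: $2" || return 2
    [ "$(csr_pubkey_sha256 "$1.csr")" = "$(key_pubkey_sha256 "$1.key")" ] || return 3
}

# Demo in a scratch directory
work=$(mktemp -d)
make_ecc_csr "$work/server" prime256v1 \
    "/C=IN/ST=Delhi/L=New Delhi/O=PKI404/OU=IT/CN=www.pki404.com"
if check_csr "$work/server" prime256v1; then
    echo "CSR OK, public key SHA-256: $(csr_pubkey_sha256 "$work/server.csr")"
fi
```

The public-key hash comparison catches the common mistake of submitting a CSR that was generated from a different key than the one backed up in step 2.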