Using a commercial root CA

If you are using a commercial root CA, you simply need to create a Certificate Signing Request (CSR) and send it to the CA.

About this task

This procedure describes how to create a CSR using the OpenSSL toolkit, but you can use any other SSL tool. Contact your commercial root CA for details on this procedure.

This procedure creates the following two files:
  • textml_csr.pem: Certificate Signing Request
  • textml_cert_privatekey.pem: Private key associated with the Certificate; you will need to install this key on the IXIA TEXTML Server

To create a CSR:

Procedure

  1. In the openssl directory, run the following command:
    openssl req -new -nodes -keyout ./CA/private/textml_cert_privatekey.pem -out ./CA/newcerts/textml_csr.pem -config ./openssl.cnf
  2. Enter the information requested, as follows:
    NameDescription
    Organization Name Exact legal name of your organization.

    For example, ACME

    Organizational Unit Name Section of the organization. Optional.

    For example, Technical Publications.

    Email Address Email address for the certificate. Optional.

    For example, administrator@acme.com.

    Locality Name City where your organization is located.

    For example, Montreal.

    State or Province Name State or province where your organization is located.

    For example, Quebec.

    Country Name Two-letter ISO code for your country.

    For example, CA.

    For the detailed list, see the following URL:

    http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

    Common Name Fully qualified domain name (FQDN) of the TEXTML Server. This must be the exact URL.

    For example, dita-textml.acme.local.

  3. Send the CSR file (i.e., textml_csr.pem) to the commercial CA.

Results

After verification, the commercial CA will return a signed certificate. The examples in this document assume that the signed certificate is called textml_signed_cert.pem.