Create a Certificate Signing Request (CSR)

The next step is to create a Certificate Signing Request (CSR).

When you create a CSR, it creates two files.
  • textml_csr.pem is the actual Certificate Signing Request
  • textml_cert_privatekey.pem is the private key associated with the Certificate, which you need to install on the TEXTML Server

To create a CSR:

  1. In the openssl directory, run the openssl req command: 
    openssl req -new -nodes -keyout ./CA/private/textml_cert_privatekey.pem -out ./CA/newcerts/textml_csr.pem -config ./openssl.cnf
  2. Enter the requested information.

    Name

    Description

    Organization Name

    Exact legal name of your organization.

    Example: ACME

    Organizational Unit Name

    Section of the organization.

    Example: Technical Publications.

    Email Address

    Email address for the certificate.

    Example: administrator@acme.com.

    Locality Name

    City where your organization is located.

    Example: Los Angeles.

    State or Province Name

    State or province where your organization is located.

    Example: California.

    Country Name

    Two-letter ISO code for your country.

    Example: US.

    See http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

    Common Name

    Fully qualified domain name (FQDN) of the TEXTML Server. This must be the exact URL.

    Example: dita-textml.acme.local.

The CSR file and private keys are created. The next sub-step is to sign the CSR. See Sign the CA.