If you are using a commercial root CA, you simply need to create a
Certificate Signing Request (CSR) and send it to the CA.
You can create a CSR using the OpenSSL toolkit or any other SSL tool. Contact your commercial
root CA for details.
A commercial root CA creates two files.
- textml_csr.pem is the Certificate Signing
Request (CSR)
- textml_cert_privatekey.pem is a private key
associated with the CA and you must install this key on the IXIA TEXTML Server
To create a CSR:
-
In the
openssl directory, run the following command.
openssl req -new -nodes -keyout ./CA/private/textml_cert_privatekey.pem -out ./CA/newcerts/textml_csr.pem -config ./openssl.cnf
-
Enter the required information.
|
Name
|
Description
|
|---|
|
Organization Name
|
Exact legal name of your organization.
Example: ACME
|
|
Organizational Unit Name
|
Section of the organization.
Example: Technical Publications.
|
|
Email Address
|
Email address for the certificate.
Example: administrator@acme.com.
|
|
Locality Name
|
City where your organization is located.
Example: Los Angeles.
|
|
State or Province Name
|
State or province where your organization is located.
Example: California.
|
|
Country Name
|
Two-letter ISO code for your country.
Example: US.
See http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
|
|
Common Name
|
Fully qualified domain name (FQDN) of the TEXTML Server. This must be
the exact URL.
Example: dita-textml.acme.local.
|
-
Send the CSR file (i.e., textml_csr.pem) to the commercial CA.
After verification, the commercial CA will return
a signed certificate. The examples in this document assume that the signed
certificate is called textml_signed_cert.pem.
This completes the step of using a commercial root CA. Proceed to Step 2: Install a signed CA on IXIA TEXTML Server.
