Before you configure settings on the Spectrum server, you must first generate keys and
get a certificate signing request (CSR).
This section uses the OpenSSL command-line program to generate private/public keys and
a CSR. OpenSSL comes with most Linux systems. For Windows, you can download an installation
package for the OpenSSL toolkit from Shining Light Productions. Refer to the OpenSSL
command reference for more information about the OpenSSL commands described here. In
the example code, replace references to example with your organization or
domain name.
- Open an OpenSSL Command Prompt.
- Generate a public/private key pair using an SSL toolkit.
- Execute the following command to generate an RSA public/private key pair.
openssl genrsa -out www.example.com.key 2048
This example generates a 2,048-bit RSA key pair. The encryption standard and
minimum length requirements may differ depending on the version of Java installed on
your machine and on your Certificate Authority's requirements.
This displays the following output:
openssl genrsa -out www.example.com.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................................+++++
...+++++
e is 65537 (0x010001)
- Generate a certificate signing request.
openssl req -new -sha256 -key www.example.com.key -out www.example.com.csr
This command embeds your public key and information about your organization into a
certificate signing request (CSR). It prompts for the following information:
- Country Name (two-letter ISO-3166 country code)
- State or province name
- Locality name (such as city)
- Organization name (such as company)
- Organization unit name (unit or section in an organization)
- Common name (typically the fully qualified domain name for the server)
- Email address (contact address in your organization)
- A challenge password (be sure to make a record of this password)
- To ensure the validity of the CSR, run this command:
openssl req -text -in www.example.com.csr -noout
The response should look something like this:
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = US, ST = Maryland, L = Rockville, O = Example Ltd, OU = Help Central Example, CN = www.example.com, emailAddress = webmaster@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b4:35:53:31:be:3b:79:42:23:0b:69:5b:10:
                    ce:80:d0:a3:dd:4d:dc:b3:aa:c1:b8:38:b9:cb:d9:
                    ...
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword :examplepassword
    Signature Algorithm: sha256WithRSAEncryption
         02:a9:f0:2f:1b:7f:09:04:ff:6f:e4:5e:51:12:22:56:4c:5c:
         81:d4:e0:06:c2:0b:42:6d:18:de:29:df:97:d0:e2:24:53:35:
         ...
- Submit the resulting CSR (www.example.com.csr) to a certificate authority.
Send the CSR to your CA, and follow their instructions to receive your final
certificate. Different CAs charge differently for the service of vouching for your
public key.
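
The `-text` command in the procedure displays the CSR but does not test it. As an added example (not part of the original page), the POSIX shell functions below generate the pair non-interactively and confirm that the CSR's self-signature verifies, that it carries the public key of your key file, and that the key meets a minimum length. The function names, the `-subj` value and the scratch directory are assumptions for illustration.

```sh
#!/bin/sh
# Added example: checks to run on a key/CSR pair before sending the CSR to a CA.
# Function names are illustrative; file names follow the page's www.example.com pattern.

# Generate key and CSR without prompts; umask keeps the private key owner-only.
make_key_and_csr() {  # $1=key path  $2=csr path  $3=subject
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) &&
    openssl req -new -sha256 -key "$1" -out "$2" -subj "$3"
}

# A CSR is signed with its own private key; failure means it was altered or
# corrupted. Match on the message rather than the exit status, which some
# OpenSSL releases leave at 0 on failure.
csr_signature_ok() {  # $1=csr
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# The public key embedded in the CSR must equal the one derived from the key file.
csr_matches_key() {  # $1=csr  $2=key
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Print the public key size in bits as reported by `openssl req -text`.
csr_key_bits() {  # $1=csr
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Run all checks; $3 is the minimum key size your CA requires.
preflight() {  # $1=csr  $2=key  $3=min bits
    csr_signature_ok "$1" || { echo "FAIL: signature"; return 1; }
    csr_matches_key "$1" "$2" || { echo "FAIL: key mismatch"; return 1; }
    [ "$(csr_key_bits "$1")" -ge "$3" ] || { echo "FAIL: key too short"; return 1; }
    echo "OK: $(openssl req -in "$1" -noout -subject)"
}

# Demo in a scratch directory with a constructed subject.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir/www.example.com.key" "$demo_dir/www.example.com.csr" \
    "/C=US/ST=Maryland/L=Rockville/O=Example Ltd/CN=www.example.com" &&
preflight "$demo_dir/www.example.com.csr" "$demo_dir/www.example.com.key" 2048
rm -rf "$demo_dir"
```

A key mismatch usually means the CSR was created from a different key file than the one you intend to install on the server.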