Certificate Enrollment Gateway requires a TLS certificate to secure incoming connections over HTTPS. To create a key pair and CSR for this certificate, run the following command on any CSP 1.0.0 PKI cluster node.

openssl req -nodes -newkey rsa:2048 -keyout <keyout> -out <csr> -subj "<subject>"

See the table below for a description of each parameter.

| Parameter | Description |
|---|---|
| `<keyout>` | The file path for the private key. You will need this file later to install the certificate in CSP 1.0.0 PKI. |
| `<csr>` | The file path for the CSR. |
| `<subject>` | The subject for the CSR. |

For example:

openssl req -nodes -newkey rsa:2048 -keyout /home/sysadmin/ceg/private.key -out /home/sysadmin/ceg/csr.txt -subj "/CN=example.com"
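Because `-nodes` writes the private key to disk unencrypted, it is worth restricting the key file at creation and confirming that the CSR really carries the matching public key before submitting it. The script below is an added example, not part of the product documentation; the function names and the owner-only (0600) permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: create the CEG key pair and CSR, then check the result.
# Function names and the 0600 permission policy are assumptions of this example.

# Succeeds only if the public key in the CSR is the public half of the private key.
csr_matches_key() {  # usage: csr_matches_key <keyout> <csr>
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Succeeds only if the key file is readable and writable by its owner alone.
key_is_private() {  # usage: key_is_private <keyout>
    [ -n "$(find "$1" -type f -perm 600 2>/dev/null)" ]
}

make_ceg_csr() {  # usage: make_ceg_csr <keyout> <csr> <subject>
    (
        umask 077   # -nodes leaves the key unencrypted, so restrict it at creation
        openssl req -nodes -newkey rsa:2048 -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
    ) || return 1
    chmod 600 "$1" || return 1
    key_is_private "$1" || return 1
    csr_matches_key "$1" "$2" || return 1
    # Print the subject so it can be compared with what was requested.
    openssl req -in "$2" -noout -subject
}

# Example call, using the paths from the command above:
#   make_ceg_csr /home/sysadmin/ceg/private.key /home/sysadmin/ceg/csr.txt "/CN=example.com"
```

`csr_matches_key` can be run again later, before installing the issued certificate, to confirm that the private key file kept from this step is the one the CSR was generated with.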