Creates a server certificate request and corresponding private key. This utility can be used in interactive mode, or you can provide all optional parameters on the command line. Located in $SYBASE/$SYBASE_OCS/bin.
OpenSSL is distributed as a convenience in the Open
Client Server (OCS) release. Documentation is available at the OpenSSL Web site.
Windows The utility is certreq.exe, and is located in %SYBASE%\%SYBASE_OCS%\bin.
certreq [-F input_file] [-R request_filename] [-K PK_filename] [-P password]
Or
certreq -v
specifies the file name that contains attribute information to build a certificate request. If you do not specify an input_file name, the required information must be interactively entered by a user.
The input_file needs an entry for each of the following:
req_certtype={Server,Client}
req_keytype={RSA,DSA}
req_keylength={for RSA: 512-4096;
for DSA: 512,768,1024}
req_country={string}
req_state={string}
req_locality={string}
req_organization={string}
req_orgunit={string}
req_commonname={string}
The common name must be the same as the server name.
See the Examples section for a sample file called input_file.
specifies the name for the certificate-request file.
specifies the name for the private-key file.
specifies the password used to protect the private key.
displays the version number and copyright message, then exits.
This example does not use the -F input_file parameter, and is therefore in interactive mode. To create a server certificate request (server_req.txt) and its private key (server_pkey.txt), enter:
certreq
Choose certificate request type: S – Server certificate request C – Client certificate request (not supported) Q – Quit Enter your request [Q] : s Choose key type: R – RSA key pair D – DSA/DHE key pair Q – Quit Enter your request [Q] : r Enter key length (512, 768, 1024 for DSA; 512-2048 for RSA) : 512 Country: US State: california Locality: dublin Organization: sybase Organizational Unit: dst Common Name: server
The utility returns the message:
Generating key pair (please wait) . . .
After the key pair is generated, the certreq utility prompts you for more information.
Enter password for private key : password Enter file path to save request: server_req.txt Enter file path to save private key : server_pkey.txt
In this sample text file, the format, tag=value, is used for noninteractive entry for a certificate request. You can use the -F option for noninteractive mode. When you use the -F option, be sure to use valid values and follow the format described above. Failure to do so prevents the certificate from being built correctly.
certreq -F input_file
req_certtype=server req_keytype=RSA req_keylength=512 req_country=us req_state=california req_locality=dublin req_organization=sybase req_orgunit=dst req_commonname=server
After you create and save this file, enter on the command line, where path_and_file is the location of the text file:
certreq -F path_and_file -R server_req.txt -K server_pkey.txt -P password
This file creates a server certificate request, server_req.txt, and its private key, server_pkey.txt which is protected by password.
You can edit the server certificate file with any standard ASCII text editor.
The input file uses the format of tag=value. tag is case-sensitive and should be the same as described above.
Adaptive Server includes the openssl open source utility in $SYBASE/$SYBASE_OCS/bin. Use openssl to accomplish all certificate management tasks implemented by certreq, certauth and certpk12. Sybase includes this binary as a convenience, and is not responsible for any issues incurred using the binary. See the Open Source SSL website for details.
The “=” is required. Valid value should start with a letter or digit, must be a single word, and there should not be any spaces within value.
value is required for req_certtype, req_keytype, req_keylength and req_commonname.
The space or tab around <tag>, = and value is allowed. Blank lines are also allowed.
Each comment line should start with #.
The certificate request file is in PKCS #10 format and used as acceptable input for the certauth tool to convert the request to a CA-signed certificate.
