Creates a server certificate request and corresponding private key. Use certreq in interactive mode, or provide all optional parameters on the command line.
The utility is located in:
(UNIX) $SYBASE/$SYBASE_OCS/bin.
(Windows) the utility is certreq.exe, located in %SYBASE%\%SYBASE_OCS%\bin.
certreq [-F input_file] [-R request_filename] [-K PK_filename] [-P password]
Or
certreq -v
specifies the file name that contains attribute information to build a certificate request. If you do not specify an input_file name, the required information must be interactively entered by a user.
The input_file needs an entry for each of these:
req_certtype={Server,Client} req_keytype={RSA,DSA} req_keylength={for RSA: 512-4096; for DSA: 512,768,1024} req_country={string} req_state={string} req_locality={string} req_organization={string} req_orgunit={string} req_commonname={string}
The common name must be the same as the server name.
See the Examples section for a sample file called input_file.
specifies the name for the certificate-request file.
specifies the name for the private-key file.
specifies the password used to protect the private key.
displays the version number and copyright message, then exits.
This example does not use the -F input_file parameter, and is therefore in interactive mode. To create a server certificate request (server_req.txt) and its private key (server_pkey.txt), enter:
certreq
Choose certificate request type: S – Server certificate request C – Client certificate request (not supported) Q – Quit Enter your request [Q] : s Choose key type: R – RSA key pair D – DSA/DHE key pair Q – Quit Enter your request [Q] : r Enter key length (512, 768, 1024 for DSA; 512-2048 for RSA) : 512 Country: US State: california Locality: dublin Organization: sybase Organizational Unit: dst Common Name: server
The utility returns the message:
Generating key pair (please wait) . . .
After the key pair is generated, the certreq utility prompts you for more information.
Enter password for private key : password Enter file path to save request: server_req.txt Enter file path to save private key : server_pkey.txt
In this sample text file, the format, tag=value, is used for noninteractive entry for a certificate request. Use the -F option for noninteractive mode, making sure to use valid values and following the format described above to ensure that the certificate builds correctly.
certreq -F input_file
req_certtype=server req_keytype=RSA req_keylength=512 req_country=us req_state=california req_locality=dublin req_organization=sybase req_orgunit=dst req_commonname=server
After you create and save this file, enter on the command line, where path_and_file is the location of the text file:
certreq -F path_and_file -R server_req.txt -K server_pkey.txt -P password
This file creates a server certificate request, server_req.txt, and its private key, server_pkey.txt which is protected by password.
Edit the server certificate file with any standard ASCII text editor.
Adaptive Server includes the openssl open source utility in $SYBASE/$SYBASE_OCS/bin (%SYBASE%\%SYBASE_OCS%\bin in Windows). Use openssl to accomplish all certificate management tasks implemented by certreq, certauth and certpk12. Sybase includes this binary as a convenience, and is not responsible for any issues incurred using the binary. See the OpenSSL Web site for details.
The input file uses the format of tag=value. tag is case-sensitive and should be the same as described above.
Running certreq requires that you place the entry for $SYBASE/$SYBASE_OCS/lib3p before the entry for $SYBASE/$SYBASE_OCS/libp364 in the dynamic library search path
The “=” is required. Valid value should start with a letter or digit, must be a single word, and there should not be any spaces within value.
value is required for req_certtype, req_keytype, req_keylength and req_commonname.
The space or tab around <tag>, = and value is allowed. Blank lines are also allowed.
Each comment line should start with #
.
The certificate request file is in PKCS #10 format and used as acceptable input for the certauth tool to convert the request to a CA-signed certificate.