Creates a server certificate request and corresponding private key. This utility can be used in interactive mode, or you can provide all optional parameters on the command line.
certreq [-F input_file] [-R request_filename] [-K PK_filename] [-P password] [-v]
-F input_file
specifies the input-file name that contains attribute information to build a certificate request. If you do not specify an input_file name, the required information must be interactively entered by a user.
The input_file needs an entry for each of the following:
req_certtype={Server,Client}
req_keytype={RSA,DSA}
req_keylength={for RSA: 512-2048;
for DSA: 512,768,1024}
req_country={string}
req_state={string}
req_locality={string}
req_organization={string}
req_orgunit={string}
req_commonname={string}
The common name must be the same as the server name,
except in a cluster environment where multiple servers may use the
same common name.
See “Common name validation in an SDC environment” for more details.
See Example 2 for a sample file, called input_file.
-R request_filename
specifies the name for the certificate-request file.
-K PK_filename
specifies the name for the private-key file.
-P password
specifies the password used to protect the private key.
-v
displays the version number and copyright message, then exits.
This example does not use the -F input_file parameter, therefore, it is in interactive mode. To create a server certificate request (server_req.txt) and its private key (server_pkey.txt), enter:
certreqChoose certificate request type:
S – Server certificate request
C – Client certificate request (not supported)
Q – Quit
Enter your request [Q] : s
Choose key type: R – RSA key pair
D – DSA/DHE key pair
Q – Quit
Enter your request [Q] : r
Enter key length (512, 768, 1024 for DSA; 512-2048 for RSA) : 512
Country: US
State: california
Locality: emeryville
Organization: sybase
Organizational Unit: dst
Common Name: server
The utility returns the message:
Generating key pair (please wait) . . .
After the key pair is generated, the certreq utility prompts you for more information.
Enter password for private key : password
Enter file path to save request: server_req.txt
Enter file path to save private key : server_pkey.txt
Alternatively, you can use the -F option for noninteractive mode. When you use the -F option, use valid values and follow the format described above. Failure to do so prevents the certificate from being built correctly.
Below is a sample text file that can be used for noninteractive entry for a certificate request.
certreq -F input_file
req_certtype=server req_keytype=RSA req_keylength=512 req_country=us req_state=california req_locality=emeryville req_organization=sybase req_orgunit=dst req_commonname=server
After you create and save this file, enter on the command line:
certreq -F path_and_file -R server_req.txt -K server_pkey.txt -P password
where path_and_file is the location of the text file.
This file creates a server certificate request, server_req.txt, and its private key, server_pkey.txt, which is protected by password.
You can edit the server certificate file with any standard ASCII text editor.
The input file uses the format of <tag>=value. <tag> is case sensitive and should be the same as described above.
The “=” is required. Valid value should start with a letter or digit, must be a single word, and there should not be any spaces within value.
value is required for <tag>s “req_certtype,” “req_keytype,” “req_keylength,” and “req_commonname.”
The space or tab around <tag>, “=” and value is allowed. Blank lines are also allowed.
Each comment line should start with “#”.
The certificate request file is in PKCS #10 format and used as acceptable input for the certauth tool to convert the request to a CA-signed certificate.
certauth
