Create a CSR on the Client

1. The certificate signing request (CSR) is created on the machine running the client.

2. Using OpenSSL, create a private key, using the commands and syntax shown below. This example shows the creation of a 2048-bit RSA key.

#openssl genrsa -out KMIP_client.key 2048 

The following output appears:

Generating RSA private key, 2048 bit long modulus 

............................+++ 

............................+++ 

e is 65537 (0x10001) 

3. Generate a certificate signing request (CSR) using the private key.

openssl req -config "<path>openssl.cnf" -new -key KMIP_client.key > 

KMIP_client.csr

The following output appears:

You are about to be asked to enter information that will be incorporated into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank 
For some fields, there will be a default value, 
If you enter '.', the field will be left blank. 
----- 
Country Name (2 letter code) [AU]: 
... 

4. Enter the information in the fields as prompted.

Certification Information

5. You are then prompted to add other parameters, such as a “challenge password” or

“optional company name”. To skip those parameters, press Enter.

This process creates a certificate request file called KMIP_client.csr. It also creates a private key file called KMIP_client.key.

6. Download KMIP_client.key file to client system with correct name; in this case,

/var/lib/mysql/mysql-keyring-okv/ssl/key.pem.

For Windows, execute the steps 1 to 5 from Create a CSR on the client section and then follow step 7.

7. Download and save KMIP_client.key file in C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv\ssl location as key.pem.