Create a CSR on the Client

  1. The certificate signing request (CSR) is created on the machine running the client.

Before performing this step, ensure that OpenSSL is already installed on your system.

  1. Using OpenSSL, create a private key, using the commands and syntax shown below. This example shows the creation of a 2048-bit RSA key.

›_ Console

# openssl genrsa -out KMIP_client.key 2048 

The following output appears:

›_ Console

Generating RSA private key, 2048 bit long modulus 

............................+++ 
............................+++ 
e is 65537 (0x10001) 

  1. Generate a certificate signing request (CSR) using the private key.

›_ Console

# openssl req -config "<path>openssl.cnf" -new -key KMIP_client.key > KMIP_client.csr 

The following output appears:

›_ Console

You are about to be asked to enter information that will be incorporated into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank 
For some fields, there will be a default value, 
If you enter '.', the field will be left blank. 
----- 
Country Name (2 letter code) [AU]: 
... 
  1. Enter the information in the fields as prompted.

| Field | Example |
| --- | --- |
| Country Name | USA |
| State Name | CA |
| Locality Name | Campbell |
| Organization Name | Organization |
| Organization Unit Name | Information Security |
| Common Name | ESKM |
| Email Address | infosec@organization.com |

List of fields with examples

The Common Name must match the name of the KMIP user.

  1. You are then prompted to add other parameters, such as a “challenge password” or “optional company name”. To skip those parameters, press Enter.

This process creates a certificate request file called KMIP_client.csr. It also creates a private key file called KMIP_client.key.

  1. Download the KMIP_client.key file to the client system with the correct name; in this case, /var/lib/mysql/mysql-keyring-okv/ssl/key.pem.
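
The same procedure as a non-interactive script, with the checks worth running before the CSR is submitted: the signature verifies, the Common Name equals the KMIP user name, the CSR was built from this private key, and the key file is readable only by its owner. This is an added example, not part of the original procedure; the function names and scratch directory are assumptions, it relies on the system default openssl.cnf rather than the `-config` path, and it uses C=US because the prompt asks for a 2 letter code.

```shell
#!/usr/bin/env bash
# Added example. Function names and the scratch directory are assumptions;
# file names and subject fields follow the page.

# make_client_csr <kmip_user> <outdir>: key + CSR without interactive prompts.
make_client_csr() {
    local user="$1" dir="$2"
    # umask 077 so the private key is never readable by group/other.
    ( umask 077 && openssl genrsa -out "$dir/KMIP_client.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/KMIP_client.key" -out "$dir/KMIP_client.csr" \
        -subj "/C=US/ST=CA/L=Campbell/O=Organization/OU=Information Security/CN=$user/emailAddress=infosec@organization.com"
}

# csr_common_name <csr>: print the Common Name carried in the CSR subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_client_csr <key> <csr> <kmip_user>: returns 0 only if every check passes.
check_client_csr() {
    local key="$1" csr="$2" user="$3"
    # 1. Self-signature is valid (match on the text, not the exit status).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR signature invalid" >&2; return 1; }
    # 2. Common Name equals the KMIP user name, as the page requires.
    [ "$(csr_common_name "$csr")" = "$user" ] ||
        { echo "CN does not match KMIP user" >&2; return 1; }
    # 3. The public key in the CSR belongs to this private key.
    [ "$(openssl pkey -in "$key" -pubout)" = "$(openssl req -in "$csr" -noout -pubkey)" ] ||
        { echo "CSR was not made from this key" >&2; return 1; }
    # 4. Key file mode is owner read/write only.
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] ||
        { echo "private key is readable by others" >&2; return 1; }
}

# Demo run in a scratch directory, removed afterwards.
demo_dir=$(mktemp -d)
make_client_csr ESKM "$demo_dir" &&
    check_client_csr "$demo_dir/KMIP_client.key" "$demo_dir/KMIP_client.csr" ESKM &&
    echo "CSR for CN=ESKM passed all checks"
rm -rf "$demo_dir"
```

Running `check_client_csr` again on the client after the key has been copied to its final path confirms that the file paired with the signed certificate is the one the CSR was built from.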