Create a CSR

  1. The certificate signing request (CSR) is created on a machine with OpenSSL installed.

  2. Using OpenSSL, create a private key using the commands and syntax shown below. The example shows the creation of a 2048-bit RSA key.

>_Console

# openssl genrsa -out KMIP_client.key 2048 

  3. Generate a certificate signing request (CSR) using the private key.

>_Console

# openssl req -new -key KMIP_client.key -out KMIP_client.csr -sha256

The following output appears. 

>_Console

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country

  4. Enter the information in the fields as prompted.

| Field | Example |
| --- | --- |
| Country Name | USA |
| State Name | CA |
| Locality Name | Campbell |
| Organization Name | Organization |
| Organization Unit Name | Information Security |
| Common Name | kmip_client_ontap |
| Email Address | infosec@organization.com |

Table 7: List of Fields with Examples

The Common Name must match the name of the KMIP user.

This process creates a certificate request file called KMIP_client.csr. It also creates a private key file called KMIP_client.key.
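
The script below is an added example, not part of the original procedure. It checks the two files before the CSR is submitted for signing: the Common Name equals the KMIP user name, the CSR was built from KMIP_client.key, and the key is at least 2048 bits. The function names, the 2048-bit floor, and the sample subject used in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks on the key and CSR before the CSR is submitted for signing.
# Function names are hypothetical; the sample subject in demo() is constructed.

# Print the Common Name (CN) from the subject of CSR file $1.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the size in bits of private key file $1.
key_bits() {
    openssl pkey -in "$1" -noout -text |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# check_csr CSR KEY KMIP_USER
# Returns 0 if all checks pass, 1 on a CN mismatch, 2 if the CSR was not
# built from KEY, 3 if the key is shorter than 2048 bits (assumed floor,
# taken from the 2048-bit example key on this page).
check_csr() {
    csr=$1 key=$2 user=$3
    cn=$(csr_common_name "$csr")
    [ "$cn" = "$user" ] ||
        { echo "CN '$cn' does not match KMIP user '$user'" >&2; return 1; }
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "public key in $csr does not belong to $key" >&2; return 2; }
    [ "$(key_bits "$key")" -ge 2048 ] ||
        { echo "$key is shorter than 2048 bits" >&2; return 3; }
}

# Build a throwaway key and CSR non-interactively, then run the checks.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/KMIP_client.key" 2048 2>/dev/null
    openssl req -new -key "$dir/KMIP_client.key" -sha256 \
        -subj "/O=Organization/OU=Information Security/CN=kmip_client_ontap" \
        -out "$dir/KMIP_client.csr"
    check_csr "$dir/KMIP_client.csr" "$dir/KMIP_client.key" kmip_client_ontap
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "CSR checks passed"
```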