openssl netscaler sha256 csr certificate request
- Angelo Schalley
- Sep, 13, 2016
- Certificates, Citrix, Netscaler, Networking
- No Comments
Instructions
Complete the following steps to generate SHA2 CSR on NetScaler using OpenSSL:
- Create a custom configuration file named openssl.cnf. The file can have the following entries. Modify the entries according to the requirement. You can create this file on NetScaler using the VI editor or any other editor.
[req] default_bits = 2048 prompt = no encrypt_key = no default_md = sha256 distinguished_name = dn [dn] CN = test.example.com OU = Test Certificate O = Test Company L = Test City ST = California C = US emailAddress = test@example.com
- Upload the openssl.cnf file to the /nsconfig/ssl directory.
- Log on to NetScaler using PuTTY.
- Browse to the /nsconfig/ssl directory and execute the following command to create a Key and CSR:
root@ns# openssl req -out test.csr -config openssl.cnf -new -newkey rsa:2048 -nodes -keyout test.keyGenerating a 2048 bit RSA private key ......................................+++ ...............................................+++ writing new private key to 'test.key' -----
- Use the following command to verify if the CSR created is SHA2:
root@ns# openssl req -text -noout -in test.csr | grep ‘Signature Algorithm’Certificate Request: Data: Version: 0 (0x0) Subject: CN=link.rc.test.com, OU=TEST, O=DSI, L=Clichy, ST=Haut de Seine, C=Fr/emailAddress=bruce.wayne@test.fr Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:b9:2b:66:9a:fe:55:8e:da:ac:85:c6:67:94:6d: 88:34:6b:92:00:6b:0f:02:bc:40:20:9d:be:db:b1: 04:3b:b1:2e:79:6e:60:f6:9e:2d:c1:49:09:3b:6e: 9c:4e:f9:7f:17:ea:ed:99:b6:1b:15:44:ea:8b:e4: f1:87:32:8a:73:10:c1:6b:d7:c8:7f:1a:a6:83:ef: 1f:a8:38:82:0e:b2:f1:09:69:af:ee:e4:eb:ac:7f: cc:75:09:95:21:79:fe:0c:e3:e0:3e:c0:86:ee:fc: f3:c4:e2:1f:e2:ed:12:ee:94:b1:aa:d3:22:fb:70: bb:aa:55:84:50:28:82:2a:7f:e2:34:a7:9b:65:0c: 72:5e:41:42:b5:60:2b:63:67:82:aa:ae:79:c5:a0: bc:72:3e:14:18:37:ef:5e:69:fd:b8:53:d2:19:fa: f0:c6:bf:3a:b1:24:45:c9:e4:9c:58:f9:5c:3c:44: c0:c2:3e:b7:a3:ec:d2:a2:bc:a6:ae:b6:18:e7:fe: 33:67:06:c6:c9:5b:98:2c:87:45:ee:a6:ee:f5:6e: 25:6f:75:ba:bd:58:60:4c:b7:ae:c6:ed:03:3c:f6: 37:bc:2b:02:b4:9a:9e:02:d2:62:db:b2:b0:b1:df: a7:16:ae:df:19:fa:27:b9:47:ec:56:fa:81:84:ae: fa:81 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption 21:fd:2c:88:37:4d:5b:a2:bc:e0:90:dd:01:06:bc:30:54:91: 6e:cd:49:04:e3:d6:49:3c:85:d6:7d:15:bd:e7:a4:81:28:8d: 47:5f:df:12:7c:50:3e:b8:7d:6f:7e:3b:7f:bc:4a:a9:64:26: af:68:23:fa:84:81:cb:df:ec:fe:cb:32:d4:db:52:38:77:bd: ec:9d:59:d9:d0:f2:c4:4e:f5:9f:0b:b7:78:79:d9:00:11:1c: 49:36:c3:7e:92:c4:5c:e1:c1:d6:85:0c:44:55:68:0b:54:ea: de:bb:a1:b9:25:b8:de:5a:06:55:6e:86:eb:86:c2:67:c2:47: a2:5e:7d:6c:20:30:5a:8a:08:12:88:41:f6:54:48:ec:fa:6f: 55:c6:2f:cf:31:68:b5:5f:6a:a0:30:f3:c3:62:db:78:4a:53: a4:2a:67:9e:5a:6b:2c:a7:8a:05:36:6e:da:61:f8:93:c3:a0: 98:9c:4c:33:b6:a1:8d:85:6e:bb:08:ad:7f:56:69:ba:86:87: c2:8d:3c:85:aa:4f:d0:74:8f:6d:9f:e4:06:d0:7b:16:df:2c: 2e:18:9b:7f:f5:6c:4f:1e:e3:00:f8:49:8d:b4:5e:4b:cd:8b: 3b:6a:e6:a6:fa:e6:71:00:b9:ed:ed:9b:ef:91:e3:ab:a1:24: 2d:2a:41:bc
The preceding article helps you in generating the CSR by creating a new key. However, if you want to use an existing key, then use the following command:
openssl req -out csr.csr -key /nsconfig/ssl/existing_key.key -new -sha256 -config /etc/nsssl.conf
info from : http://support.citrix.com/article/CTX202383
Categories
