[BlueOnyx:06366] Re: [bluequartz] Re: 2048 bit CSR?

Eiji Hamano (bluequartz) bluequartz at hypersys.ne.jp
Sat Jan 22 03:35:55 -05 2011 

Hi  Ken

I am still  unclear in the problem 2048 bit CSR.

>> then I copy in the
>> cerfiticate, key, and request   to the certs directory

But "openssl req -new"  makes key, and request,  not cerfiticate file.
Was the cerfiticate file created from the GUI ?

If so, I did it.  But error on certificate 2 from the GUI  fiest.
The error msg was ;

 ## The imported certificate does not contain the private key for this 
certificate,
 ## and the private key currently on the server does not match this 
certificate.
 ## If importing a certificate not created on this server,
 ## the RSA private key must be included in the imported certificate file.

Would you advice me again ?

Eiji



>> Ken wote ;
>>
> cd /etc/admserv
> openssl req -new -newkey rsa:2048 -keyout key -nodes -out request
> Generating a 2048 bit RSA private key
> ..........................................+++
> ..............+++
> writing new private key to 'key'
> -----
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a 
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [GB]:US
> State or Province Name (full name) [Berkshire]:California
> Locality Name (eg, city) [Newbury]:Valley Center
> Organization Name (eg, company) [My Company Ltd]:Precision Web Hosting, 
> Inc.
> Organizational Unit Name (eg, section) []:WebDev
> Common Name (eg, your name or your server's hostname) 
> []:www.yourdomain.com
> Email Address []:ssladmin at precisionweb.net
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:
> An optional company name []:
> ?
> ?
> cat request
>
> The "request" is the CSR. After you get the certificate then I copy in the
> cerfiticate, key, and request to the certs directory.  Then from the GUI,
> import the  certificate 2, certificate 1, then root cert in that order.

More information about the Blueonyx mailing list