生成证书签名请求 (CSR)

需先生成包含 CA 所需信息的证书签名请求，方可从 CA 定购证书。

生成 CSR

1. 以超级用户身份，运行 certadmin 脚本：

   portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name

   显示证书管理菜单。

   1) Generate Self-Signed Certificate 2) Generate Certificate Signing Request (CSR) 3) Add Root CA Certificate 4) Install Certificate From Certificate Authority (CA) 5) Delete Certificate 6) Modify Trust Attributes of Certificate (e.g., for PDC) 7) List Root CA Certificates 8) List All Certificates 9) Print Certificate Content 10) Quit choice: [10] 2

2. 选择证书管理菜单上的选项 2。

   脚本会提示您输入组织特定信息、令牌名以及 Web 站点管理员的电子邮件和电话号码。

   确保指定主机的全限定 DNS 名。

   What is the fully-qualified DNS name of this host? [snape.sesta.com] What is the name of your organization (ex: Company)? [] What is the name of your organizational unit (ex: division)? [] What is the name of your City or Locality? [] What is the name (no abbreviation please) of your State or Province? [] What is the two-letter country code for this unit? [] Token name is needed only if you are not using the default internal (software) cryptographic module, for example, if you want to use a crypto card (Token names could be listed using: modutil -dbdir /etc/opt/SUNWportal/cert -list); Otherwise, just hit Return below. Please enter the token name [] Now input some contact information for the webmaster of the machine that the certificate is to be generated for. What is the email address of the admin/webmaster for this server [] ? What is the phone number of the admin/webmaster for this server [] ?

3. 键入全部所需信息。

   ---

   注 –

   请勿将 Web 站点管理员的电子邮件和电话号码留为空白。此信息对于获取有效 CSR 是必需的。

   ---

   会产生 CSR 并将其存储在 portal-server-install-root /SUNWportal/bin/csr.hostname.datetimestamp 文件中。CSR 也会打印在屏幕上。当您从 CA 定购证书时，可直接复制并粘贴 CSR。