產生憑證簽署請求 (CSR)

可以從 CA 訂製憑證之前，您需要產生包含 CA 所需要資訊的憑證簽署要求。

產生 CSR

1. 以超級使用者身份執行 certadmin 程序檔：

   portal-server-install-root/SUNWportal/bin/certadmin -n gateway-profile-name

   系統便會顯示憑證管理功能表。

   1) Generate Self-Signed Certificate 2) Generate Certificate Signing Request (CSR) 3) Add Root CA Certificate 4) Install Certificate From Certificate Authority (CA) 5) Delete Certificate 6) Modify Trust Attributes of Certificate (e.g., for PDC) 7) List Root CA Certificates 8) List All Certificates 9) Print Certificate Content 10) Quit choice: [10] 2

2. 在憑證管理功能表上選擇選項 2。

   程序檔提示您輸入組織特定的資訊、記號名稱和網路管理員電子郵件及電話號碼。

   請指定主機的完整合格 DNS 名稱。

   What is the fully-qualified DNS name of this host? [snape.sesta.com] What is the name of your organization (ex: Company)? [] What is the name of your organizational unit (ex: division)? [] What is the name of your City or Locality? [] What is the name (no abbreviation please) of your State or Province? [] What is the two-letter country code for this unit? [] Token name is needed only if you are not using the default internal (software) cryptographic module, for example, if you want to use a crypto card (Token names could be listed using: modutil -dbdir /etc/opt/SUNWportal/cert -list); Otherwise, just hit Return below. Please enter the token name [] Now input some contact information for the webmaster of the machine that the certificate is to be generated for. What is the email address of the admin/webmaster for this server [] ? What is the phone number of the admin/webmaster for this server [] ?

3. 輸入所有需要的資訊。

   ---

   備註 –

   請務必填寫網路管理員電子郵件和電話號碼。為了獲得有效的 CSR，必須填寫這兩項資訊。

   ---

   CSR 會產生並儲存於 portal-server-install-root /SUNWportal/bin/csr.hostname.datetimestamp 檔案中。CSR 同時會列印於螢幕上。當您從 CA 訂製憑證時，可以直接複製並貼上 CSR。