Generating a Certificate Signing Request, suitable for use with CoSign

CoSign uses SSL to ensure the integrity of authentication requests between the cosign server and the application server.

The following instructions cover generation of a Certificate Signing Request (CSR). These instructions are suitable for use with CoSign, but are also valid for generating CSRs for other Certificate Authorities.

If you want to learn how to install and configure CoSign, you should read the instructions on installing CoSign.

Generating the CSR

First, generate a private key:

openssl genrsa -out privkey.pem 2048

Now, use the private key to generate a CSR:

openssl req -new -key privkey.pem -out csr.pem

OpenSSL requires quite a bit of information that goes into the request, so it asks for things interactively.

Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Lancashire
Locality Name (eg, city) [Newbury]:Lancaster
Organization Name (eg, company) [My Company Ltd]:Lancaster University
Organizational Unit Name (eg, section) []:your department name
Common Name (eg, your name or your server's hostname) []:name of server
Email Address []:press RETURN

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:press RETURN
An optional company name []:press RETURN

As an alternative, if your machine's hostname is fully qualified (e.g. 'hostname' returns 'myserver.lancaster.ac.uk'), you can use the following:

openssl req -new -key privkey.pem -out csr.pem -subj "/C=GB/L=Lancaster/O=Lancaster University/CN=$(hostname)/"

You can verify what the CSR contains with:

openssl req -in csr.pem -noout -text

You should email the CSR (contents of file csr.pem) to Steve Bennett.
Note that the CSR is plain text, it can be included as-is: it does not need to be zipped or sent as an attachment.

Steve Bennett
last updated: 08/07/2019