Generates a CSR, and a public and private key pair.
tarantella security certrequest --country country
                                --state state
                                --orgname org
                              [ --ouname ou ]
                              [ --email email ]
                              [ --locality locality ]
                              [ --keylength length ]
You send the generated CSR to a supported CA to obtain an SSL certificate for use with SGD security services.
Note the following:
If your CA lets you change the host name stored in the SSL certificate, make sure the SSL certificate contains a fully qualified DNS name. For example, boston.example.com, not boston.
If the SGD server has multiple DNS names, for example, it is known by different names inside and outside a firewall, you can specify the additional DNS names as subject alternative names for the SSL certificate. This enables you to associate more than one DNS name with the SSL certificate.
Make a copy of the private key and CSR generated by this command and keep them in a safe, secure location. Key information is stored in the /opt/tarantella/var/tsp directory.
If your private key is lost or damaged, you will be unable to use any SSL certificate you obtain using the CSR.
This command generates a new CSR and key pair each time you run it. If you generate a new CSR with this command, the previous CSR is overwritten and the new private key is stored in the file /opt/tarantella/var/tsp/key.pending.pem.
You can use the tarantella security certinfo command (Section D.85) to display information about SSL certificates and CSRs.
If you do not specify --ouname, --email or --locality, SGD omits that information from the CSR. There are no default values.
The following table shows the available options for this command.
| Option | Description |
|---|---|
| --country | Specifies the country where your organization is located. Use ISO 3166 country codes. For example, use US for the United States or DE for Germany. |
| --state | Specifies the state or province where your organization is located. Do not use abbreviations here. For example, use Massachusetts rather than Mass. or MA. |
| --orgname | Specifies the official, legal name of your organization. |
| --ouname | Specifies the name of an organizational unit (OU) within your organization, if required. If you do not need to specify an OU, you can use this setting to specify a less formal organization name. |
| --email | Specifies your business email address. This address is used for correspondence between you and the CA you send the CSR to. |
| --locality | Specifies the city or principality where your organization is located, if needed. |
| --keylength | Specifies the length of the key pair. The default is 1024. |
Make sure you quote any object names containing spaces, for example, "o=Example".
The following example generates a CSR for Example, located in Massachusetts, with contact Bill Orange.
# tarantella security certrequest \
  --country US \
  --state MA \
  --orgname "Example" \
  --email "orange@example.com"
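
The notes above ask for a fully qualified DNS name in the certificate, and the options table gives a default key length of 1024. The following script is an added example, not part of SGD or its documentation, that checks a PEM CSR with the openssl CLI before it is sent to a CA. The function names, the 2048-bit floor and the assumption that the host name is carried in the CSR's commonName are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of SGD: sanity-check a PEM CSR before sending it to a CA.
# Assumptions: the openssl CLI is installed; the host name is in the CSR's commonName;
# the 2048-bit floor is this example's policy (override with MIN_BITS).

csr_key_bits() {      # prints the public key size in bits, e.g. 2048
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

csr_common_name() {   # prints the subject commonName
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

csr_san_dns() {       # prints requested subject alternative DNS names, one per line
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

is_fqdn() {           # true for boston.example.com, false for boston
    printf '%s\n' "$1" |
        grep -Eq '^(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

check_csr() {         # returns 0 only if every check passes
    local csr=$1 rc=0 bits cn name
    bits=$(csr_key_bits "$csr"); cn=$(csr_common_name "$csr")
    if [ -z "$bits" ]; then echo "FAIL: cannot parse $csr"; return 2; fi
    if [ "$bits" -lt "${MIN_BITS:-2048}" ]; then
        echo "FAIL: key is $bits bits, below ${MIN_BITS:-2048}"; rc=1
    fi
    if ! is_fqdn "$cn"; then echo "FAIL: CN '$cn' is not fully qualified"; rc=1; fi
    for name in $(csr_san_dns "$csr"); do
        is_fqdn "$name" || { echo "FAIL: SAN '$name' is not fully qualified"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: $cn, $bits-bit key"
    return "$rc"
}

# Constructed sample input: a throwaway key and CSR written under directory $1.
make_sample_csr() {   # usage: make_sample_csr DIR CN [BITS]
    openssl req -new -newkey "rsa:${3:-2048}" -nodes -keyout "$1/key.pem" \
        -out "$1/req.pem" -subj "/C=US/ST=Massachusetts/O=Example/CN=$2" 2>/dev/null
}

if [ $# -ge 1 ]; then check_csr "$1"; fi
```

Run it with the path to the CSR file as the only argument; a non-zero exit status means at least one check failed.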