If you are using a commercial root CA, you simply need to create a
Certificate Signing Request (CSR) and send it to the CA.
This procedure describes how to create a CSR using the OpenSSL
toolkit, but you can use any other SSL tool. Contact your commercial root CA for
details on this procedure.
This procedure creates the following two files:
- textml_csr.pem:
Certificate Signing Request
- textml_cert_privatekey.pem: Private key associated with the
Certificate; you will need to install this key on the IXIASOFT TEXTML Server
To create a CSR:
-
In the
openssl directory, run
the following command:
openssl req -new -nodes -keyout ./CA/private/textml_cert_privatekey.pem -out ./CA/newcerts/textml_csr.pem -config ./openssl.cnf
-
Enter the information requested, as follows:
| Name | Description |
|---|
| Organization Name |
Exact legal name of your organization.
For example, ACME |
| Organizational Unit Name |
Section of the organization. Optional.
For example, Technical
Publications. |
| Email Address |
Email address for the certificate. Optional.
For example, administrator@acme.com. |
| Locality Name |
City where your organization is located.
For example, Montreal. |
| State or Province Name |
State or province where your organization is located.
For example, Quebec. |
| Country Name |
Two-letter ISO code for your country.
For example, CA.
For the detailed list, see the following URL:
http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 |
| Common Name |
Fully qualified domain name (FQDN) of the TEXTML Server. This must be the exact URL.
For example, dita-textml.acme.local. |
-
Send the CSR file (i.e., textml_csr.pem) to the commercial CA.
After verification, the commercial CA will return
a signed certificate. The examples in this document assume that the signed
certificate is called textml_signed_cert.pem.
