Forum Discussion

okumura_86871's avatar
okumura_86871
Icon for Nimbostratus rankNimbostratus
Sep 24, 2012

How to create a SSL CSR from the command line.

Hi everyone,

 

I'm trying to create a SSL CSR from the command line to the BigIP LTM v10.2

 

Usually, I take the following steps by GUI.

 

Local Traffic >> SSL Certificates >> New SSL Certificate...

 

Name: TEST_0001

 

Issure: 【Certificate Authority】

 

Common Name: CCC

 

Division: DDD

 

Organization: OOO

 

Locality: LLL

 

State Or Province: SSS

 

Country: Japan

 

Size: 2048 bit

 

Click [Finished].

 

And then, the following new entry appears in the [Certificate List].

 

****************************************

 

Name: TEST_0001

 

Contents: Key

 

****************************************

 

Next, I tried this by the command line from the neighbor centos machine.

 

I found a script "SSLKeyAndCSRCreator" in the DevCentral,

 

and successed to create it by the command line.

 

./ssl-key-and-csr-creator.rb -b 192.168.1.100 -u admin -p admin -i TEST_0001 -l 2048 --common-name=CCC --country=JP --state=SSS --locality=LLL --organization="OOO" --division="DDD" -c

 

(https://devcentral.f5.com/wiki/iCon...eator.ashx)

 

 

But...

 

In the [Certificate List]-[Contents] of the GUI, it was displayed not only "Key" but also "Certificates".

 

****************************************

 

Name: TEST_0001

 

Contents: Certificate & Key

 

****************************************

 

 

I think this will mean that the command line creates a SSL Certificate with the "Issuer" as 【Self】.

 

I'd like to create it with the "Issure" as 【Certificate Authority】 by command line.

 

What should I do?

 

Regards

 

 

No RepliesBe the first to reply