{"id":92,"date":"2013-08-28T07:55:40","date_gmt":"2013-08-28T07:55:40","guid":{"rendered":"http:\/\/blogs.kent.ac.uk\/unseenit\/?p=92"},"modified":"2013-08-28T07:55:40","modified_gmt":"2013-08-28T07:55:40","slug":"generating-ssl-certificates-with-sans-with-janet","status":"publish","type":"post","link":"https:\/\/blogs.kent.ac.uk\/unseenit\/generating-ssl-certificates-with-sans-with-janet\/","title":{"rendered":"Generating SSL certificates with SANs with JANET"},"content":{"rendered":"

Some notes on generating Certificate Signing Requests (CSRs) with Subject Alternate Names (SANs) using JANET’s certificate service (https:\/\/certificates.ja.net\/jcs\/<\/a>)<\/p>\n

CSR generation<\/h1>\n

Create csr.dat as:<\/p>\n

[ req ]\r\n default_bits = 2048\r\n prompt = no\r\n encrypt_key = no\r\n default_md = sha1\r\n distinguished_name = dn\r\n\r\n[ dn ]\r\nC = GB\r\nO = The University of Kent\r\n0.CN = PRIMARY.example.com\r\n1.CN = SECONDARY.blah.example.com\r\n2.CN = TERTIARY.ad.example.com<\/pre>\n
Then run:<\/p>\n
openssl req -new -nodes -batch \\\r\n  -keyout PRIMARY.example.com.key \\\r\n  -out PRIMARY.example.com.csr \\\r\n  -config csr.dat<\/pre>\n
\u2026 and submit the resulting file (cat *.csr) to JANET<\/a><\/p>\n
Convert the key to the right format for IIS<\/h1>\n
IIS only seems to understand PKCS#12 certificates so we need to convert the key and certifictate which are both PEM format.<\/p>\n
When the certificate comes back, cat the key and certificate into one file:<\/p>\n
cat PRIMARY.example.com.key PRIMARY.example.com.crt >iisserver.pem<\/pre>\n
Finally export the newly created file in PKCS#12 format<\/p>\n
openssl pkcs12 -export \\\r\n -out mycert.pfx -in iisserver.pem \\\r\n -CAfile ..\/UKERNA\/comodo_chain.pem \\\r\n -name \"My Certificate\"<\/pre>\n
    \n
  1. comodo_chain.pem<\/tt> is a file containing the certificate chain up the tree (order: TERENA,\u00a0UTN-USERFirst-Hardware,\u00a0AddTrust External CA Root)<\/li>\n
  2. The passphrase it asks for is just for armouring the \u00a0PFX file and is required when importing into the Windows certificate store<\/li>\n<\/ol>\n
    Importing into IIS<\/h1>\n
    To install as new: go into the IIS server console, website, properties, document security, Server Cert and install from .pfx<\/p>\n
    To update: import into the personal store then go into the Website Properties, Document Security, Server Certificate (or Edit?) and replace cert.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Some notes on generating Certificate Signing Requests (CSRs) with Subject Alternate Names (SANs) using JANET’s certificate service (https:\/\/certificates.ja.net\/jcs\/) CSR generation Create csr.dat as: [ req … Read more<\/a><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[28936,1],"tags":[28941,28939,28938,28942,28937,28940],"_links":{"self":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/92"}],"collection":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/comments?post=92"}],"version-history":[{"count":5,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/92\/revisions"}],"predecessor-version":[{"id":97,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/posts\/92\/revisions\/97"}],"wp:attachment":[{"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/media?parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/categories?post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/unseenit\/wp-json\/wp\/v2\/tags?post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}