Reset Search
 

 

Article

KB40946 - How to generate a private key and certificate signing request (CSR) for a new or renewal certificate for Pulse One (On-Premise)?

« Go Back

Information

 
Last Modified Date8/2/2018 10:44 PM
Synopsis
This article describes the step-by-step instructions how to generate a private key and CSR for a new or renewal certificate for Pulse One (On-Premise).
Problem or Goal
Cause
Solution

Install OpenSSL

OpenSSL is a common package that is available on all the major Linux distributions through their package installers. 

To check whether it is installed on a system, run the following command:
openssl version
If OpenSSL is already installed, the output will display the installed OpenSSL version number. If the command returns an error message or the version is older than 1.0.0, refer to the commands below:

Redhat / CentOS:
​​yum install openssl openssl-devel
Debian OS:
apt-get install openssl
 

Generate private (RSA) key

To generate a private key, run the following command:
openssl genrsa –out private.key 2048
The content of this file will be used in Pulse One setup. Keep it in a safe location.


Generate CSR for a wildcard certificate or SAN certificate

Important! Pulse One requires wildcard certificate CSR or SAN certificate CSR.

To generate a CSR for a wildcard certificate, run the following command:
openssl req -new -sha256 -key private.key -out request.csr

When prompted, enter the necessary information. In the Common Name field, ensure to prefix your domain name with an asterisk, for example: *.yourdomain.com.


For generating a SAN certificate, use Pulse One FQDN as the common name and API and UI DNS names as Subject Alternative Names. For details on required Pulse One DNS entries, see “Pulse One Getting Started Guide”. DNS requirements are explained in “First Time Setup” section.

To generate CSR for SAN certificate, create a configuration file called “csr.cf”. The following example shows the content of csr.cf file. Please replace pulseone.yourdomain.com with your assigned Pulse One domain name (in BOLD).
[req] 
distinguished_name = req_distinguished_name 
req_extensions = req_ext 
prompt = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = p1.pulseone.yourdomain.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = ui.pulseone.yourdomain.com
DNS.2 = api.pulseone.yourdomain.com

After the “csr.cf” file is created and saved, run following command:
openssl req -new -sha256 -key private.key -out request.csr –config csr.cf


Verify your CSR

openssl req -noout -text –in request.csr
Confirm if the common name and subject alternative names are correct. Once completed, submit the CSR file to a certificate authority. For installation instructions, refer to Pulse One Getting Started Guide.

Note: Customers are recommended to generate a new private key and CSR when renewing their existing device certificate for Pulse One (On-Premise).
Related Links
Attachment 1 
Created ByFelipe Acusa

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255