OpenSSL is a common package that is available on all the major Linux distributions through their package installers.
To check whether it is installed on a system, run the following command:
If OpenSSL is already installed, the output will display the installed OpenSSL version number. If the command returns an error message or the version is older than 1.0.0, refer to the commands below:
Redhat / CentOS:
yum install openssl openssl-devel
apt-get install openssl
Generate private (RSA) key
To generate a private key, run the following command:
openssl genrsa –out private.key 2048
The content of this file will be used in Pulse One setup. Keep it in a safe location.
Generate CSR for a wildcard certificate or SAN certificate
Important! Pulse One requires wildcard certificate CSR or SAN certificate CSR.
To generate a CSR for a wildcard certificate, run the following command:
openssl req -new -sha256 -key private.key -out request.csr
When prompted, enter the necessary information. In the Common Name field, ensure to prefix your domain name with an asterisk, for example: *.yourdomain.com.
For generating a SAN certificate, use Pulse One FQDN as the common name and API and UI DNS names as Subject Alternative Names. For details on required Pulse One DNS entries, see “Pulse One Getting Started Guide
”. DNS requirements are explained in “First Time Setup
To generate CSR for SAN certificate, create a configuration file called “csr.cf”. The following example shows the content of csr.cf file. Please replace pulseone.yourdomain.com with your assigned Pulse One domain name (in BOLD
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = p1.pulseone.yourdomain.com
[ req_ext ]
subjectAltName = @alt_names
DNS.1 = ui.pulseone.yourdomain.com
DNS.2 = api.pulseone.yourdomain.com
After the “csr.cf” file is created and saved, run following command:
openssl req -new -sha256 -key private.key -out request.csr –config csr.cf
Verify your CSR
openssl req -noout -text –in request.csr
Confirm if the common name and subject alternative names are correct. Once completed, submit the CSR file to a certificate authority. For installation instructions, refer to Pulse One Getting Started Guide
Customers are recommended to generate a new private key and CSR when renewing their existing device certificate for Pulse One (On-Premise).