Generating CSRs in UNIX
To obtain CA signed certificate for BMC Atrium Single Sign-On, you generate a CSR.
To generate a CSR
Run the following keytool command:
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore keystore.p12 –storepass internal4bmc -storetype PKCS12 -providername JsafeJCEThe command generates and displays the CSR on the screen:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBmDCCAQECAQAwWDEZMBcGA1UECxMQQXRyaXVtU1NPIFNlcnZlcjEVMBMGA1UEChMMQk1DIFNv
ZnR3YXJlMSQwIgYDVQQDExtpQk1DLUpCSEJCSzEuYWRwcm9kLmJtYy5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAJABuagV7e12Yu3m0LmNWEmVE4HXrdaB+uOyZFyKLZxO2e+WX3r9vc9q
al5VQSE1yME6ml53B9sWS2RWA5d8xDPW8ppQe3dqQdf3QDDzfXQ18MmZAfraSbv6Y2Tj0Oad10Uf
c8NUXYCvKNcmdHzkabaHuTOXuhfyGyzyCgFdd/jTAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAx
oNCBNvnbYNHD02QOIXEP4eMd9HlfJjvJHtAS6SyibMEd00mq/BD5iV1TewwkmvJRn1BjmzGXNO1c
xbasQaHN9l0+HP4X6aWfRIJtq9GOj4d9Y2wb5L6SEsgnCtnvbHDsMR0AEBLPCR7nVJ4vgQsZ9xLj
EfQB8idnyyimIfoqqQ==
-----END NEW CERTIFICATE REQUEST------ The toolkit command output must be sent to the CA for a digital signature. The CA returns the signed certificate which is a verification of the server's identity.
- Import the returned CA signed certificate into the BMC Atrium Single Sign-On Tomcat server keystore.
This must be done to provide secure communications.
Where to go from here
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*