Generating CSR and Key on Director using openssl : Versa Support

Using /opt/versa/vnms/scripts/vnms-csrgen.sh script to generate CSR may have some limitations like it has mandatory fields that need to be filled like CN, country, state, locality, O, OU, email. Moreover it also doesn't accept any values with <space> in it.

If you need to generate certificate without any of those mandatory fields or need to include <space> in any value, you can use following method.

Step 1: cd /var/versa/vnms/data/certs

Step 2: touch temp_config.cnf

Step 3: sudo chmod 777 temp_config.cnf

Step 4: sudo nano temp_config.cnf

[ req ]

default_bits = 2048

distinguished_name = req_distinguished_name

req_extensions = v3_req

prompt = no

[ req_distinguished_name ]

commonName = Lab-VD-Pri

countryName = IN

localityName = Bangalore

ST = KA

organizationName = "Versa Networks"

OU = TAC

emailAddress = kshitij.k@versa-networks.com

[ v3_req ]

subjectAltName = DNS:Lab-VD-Pri,DNS:Lab-VD-Sec

basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment

Step 5: Run following command to generate key and CSR. Password is optional and can be removed.

openssl req -newkey rsa:2048 -nodes -passin pass:versa123 -sha256 -keyout Lab-VD-Pri.key -out Lab-VD-Pri.csr -config temp_config.cnf

Step 6: Change ownership of CSR and key

sudo chown versa:versa Lab-VD-Pri.*

Step 7: Use following command to verify the CSR

openssl req -noout -text -in Lab-VD-Pri.csr

[Administrator@dir1: certs] $ openssl req -noout -text -in Lab-VD-Pri.csr

Certificate Request:

Data:

Version: 1 (0x0)

Subject: CN = Lab-VD-Pri, C = IN, ST = KA, L = Bangalore, O = Versa Networks, OU = TAC, emailAddress = kshitij.k@versa-networks.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (2048 bit)

Modulus:

00:c9:10:84:a7:7f:9f:4e:3b:c5:f3:12:ed:c9:6c:

a3:fe:01:b1:22:80:b0:9e:ee:8b:a3:5a:64:c4:ed:

c9:8d:ab:b0:c4:6a:a1:71:1e:7c:ce:ef:47:12:63:

f8:5f:e6:07:c2:58:05:d4:87:2d:4a:17:b5:f6:0a:

84:0b:a8:5b:06:e7:08:d1:c1:c1:12:44:66:2b:2b:

50:10:f3:ec:da:18:ae:68:d5:07:36:a5:75:58:89:

9d:09:ba:72:4a:bf:72:13:ba:dd:dd:c8:8d:ba:6a:

c3:a7:09:85:2d:19:73:b0:26:af:41:d8:98:56:ee:

c8:5b:d2:4a:35:60:84:02:72:cf:36:d5:5f:e3:38:

22:30:08:65:ae:ac:bb:40:40:31:2a:f7:a1:1c:ff:

2e:e0:c9:52:9a:c6:56:95:b2:e3:2c:e5:dd:b7:c0:

23:f7:d8:4e:78:34:a5:e8:f1:8e:d7:84:fc:6e:d5:

a8:88:d4:56:5e:a7:06:a9:17:8f:21:a8:50:0b:97:

7d:79:16:5d:90:29:d0:ad:12:92:1a:64:ed:77:cb:

14:93:1b:89:4b:95:f4:ac:b8:83:e1:cd:e2:16:4e:

97:34:0e:c8:6d:c7:f1:46:21:bc:49:f6:d1:b9:e2:

a7:15:59:85:ef:9e:bb:9b:08:28:fc:00:62:19:6a:

1b:db

Exponent: 65537 (0x10001)

Attributes:

Requested Extensions:

X509v3 Subject Alternative Name:

DNS:Lab-VD-Pri, DNS:Lab-VD-Sec

X509v3 Basic Constraints:

CA:FALSE

X509v3 Key Usage:

Digital Signature, Key Encipherment

Signature Algorithm: sha256WithRSAEncryption

24:d0:2d:33:ee:a4:4f:6a:1e:03:9f:38:d4:a2:85:bb:d1:05:

d4:75:64:7c:3c:a2:46:bf:af:15:54:48:a3:26:32:b6:2e:a3:

ae:bd:6f:b2:47:72:83:bb:7b:82:2a:2f:93:f9:99:9b:5b:69:

41:cb:5c:d9:8c:37:78:4f:24:89:58:fe:a7:7a:d7:a4:46:b0:

1a:fe:a8:d2:9c:4f:ad:2a:05:c2:bd:1e:86:ab:67:11:47:8e:

fa:6b:11:ea:29:1f:8c:5e:c6:ea:bb:5f:8d:1d:b9:af:96:0d:

53:4d:e7:21:9d:b5:26:34:ab:6d:ae:b2:2b:37:ae:c6:e6:89:

04:3c:95:71:2c:75:00:47:e8:4e:2d:3f:24:77:98:21:b5:a2:

f6:02:3f:9c:e0:13:ec:00:1d:b5:19:4b:e1:a7:a5:9a:29:dd:

82:11:89:85:bf:07:ce:8b:5b:c7:35:d0:67:6c:bb:2c:33:88:

f3:b9:35:e4:37:35:ff:6f:4c:31:7a:b6:c2:ea:b8:6a:b3:9a:

71:1a:e6:21:d1:2e:a0:2e:8c:e0:f5:d6:c2:52:5d:11:2c:38:

05:7c:61:9e:7d:f1:ff:6e:97:5d:a9:90:a6:23:53:39:ba:a1:

b4:94:27:b2:19:75:8a:33:62:13:ee:b1:58:2c:24:c6:4a:ac:

3a:d0:b1:2e

[Administrator@dir1: certs] $

Generating CSR and Key on Director using openssl

Modified on: Wed, 9 Aug, 2023 at 4:07 PM

More articles in Configurations