- Generate a certificate signing request (CSR) with OpenSSL:
openssl req -out igel_tc.csr -new -newkey rsa:2048 -nodes -keyout igel_tc.key
This produces the following files: - a private key:
igel_tc.key
- a certificate signing request (CSR):
igel_tc.csr
Example for the creation of a certificate request:
Generating a 2048 bit RSA private key
.................................+++
.................................+++
writing new private key to 'igel_tc.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Augsburg
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IGEL Technology GmbH
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:igeltc
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
It is also possible to create a so called wildcard certificate. A wildcard certifcate contains a possible common name including a * character. It can be used for all thin clients.
Wildcard SSL certs could cause a security issue.
- Go back to the welcome page of the Windows server.
- Select the task Request a certificate.
The Request a Certificate mask opens:
- Click advanced certificate request.
The Submit a Certificate Request or Renewal Request mask opens:
- Copy the plain text content of the
.csr
-file into the Saved Request input field. - Choose Web Server under Certificate Template.
- Click Submit.
The Certificate Issued screen opens:
- Choose Base 64 encoded.
- Click Download certificate.
You receive a file with the public certificate for your thin clients.