Generating a certificate signing request (CSR) with OpenSSL

openssl req -out igel_tc.csr -new -newkey rsa:2048 -nodes -keyout igel_tc.key
This produces the following files:

• a private key: igel_tc.key
• a certificate signing request (CSR): igel_tc.csr

Example for the creation of a certificate request:

Generating a 2048 bit RSA private key

.................................+++

.................................+++

writing new private key to 'igel_tc.key'

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. 

There are quite a few fields but you can leave some blank. For some fields there will be a default value.

If you enter '.', the field will be left blank.

Please enter the following 'extra' attributes to be sent with your certificate request

• A challenge password []:
• An optional company name []:

It is also possible to create a so called wildcard certificate. A wildcard certifcate contains a possible common name including a * character. It can be used for all thin clients.

Wildcard SSL certs could cause a security issue.

Requesting a certificate

1. Go back to the welcome page of the Windows server.
2. Select the task Request a certificate.
   The Request a Certificate mask opens:

   

3. Click advanced certificate request.
   The Submit a Certificate Request or Renewal Request mask opens:

   

4. Copy the plain text content of the .csr-file into the Saved Request input field.
5. Choose Web Server under Certificate Template.
6. Click Submit.
   The Certificate Issued screen opens:

   

7. Choose Base 64 encoded.
8. Click Download certificate.
   You receive a file with the public certificate for your thin clients.