
OpenSSL.cnf file example

The “# req_extensions = v3_req #” section is the area that you need to edit so that the appropriate elements are set to the agency's requirements. In the example below, for JITC, the following elements are expected within the CSR.

CN = (PureConnect Server Name)

OU = Contractor

OU = PKI

OU = DoD

O = U.S. Government

C = US

So, the # req_extensions = v3_req # section of the OpenSSL.cnf file has been edited to ensure that those required elements are set to a Default value. Without the Default value entered in the OpenSSL.cnf, those entries will not be part of the CSR. Those elements are highlighted in Yellow.

Please edit the correct fields with the appropriate OU entries that your US Government customer expects before you drop the OpenSSL.cnf file into the d:\I3\IC\Server directory.

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]

countryName                                    = Country Name (2 letter code)

countryName_default                        = US

countryName_min                             = 2

countryName_max                            = 2

 

stateOrProvinceName                      = State or Province Name (full name)

localityName                                    = Locality Name (eg, city)

0.organizationName                         = Organization Name (eg, company)

0.organizationName_default             = U.S. Government

0.organizationalUnitName                = Organizational Unit Name 1 (eg, section)

0.organizationalUnitName_default    = DoD

1.organizationalUnitName               = Organizational Unit Name 2 (eg, section)

1.organizationalUnitName_default   = PKI

2.organizationalUnitName                = Organizational Unit Name 3 (eg, section)

2.organizationalUnitName_default    = CONTRACTOR

commonName                                 = Common Name (eg, YOUR name)

commonName_max                         = 64

Note: This is where our Certificate Wizard stand-alone UI needs to allow the Customer to configure the CSR entries such as O, OU, CN, Subject Alternative Names, City, State, Country, and so forth. To understand what kinds of entries are needed, see the CSR Tool User's Guide.

Note: If you are using the new stand-alone wizard-type GUI application to generate Certificate Signing Requests (CSRs), this step can be done easily and with fewer errors as part of CSR generation.
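Because an element without a Default value is left out of the CSR, it is worth checking the edited file before it is copied to the server. The following is an added example, not part of the original page or of PureConnect: a small Python check that reads the [ req_distinguished_name ] section and reports which required elements have no matching _default entry. The REQUIRED table, the function names and the sample file are assumptions built from the JITC list above; values are compared ignoring case because the page writes the third OU both as Contractor and CONTRACTOR.

```python
# Added example: lint the [ req_distinguished_name ] section of an OpenSSL.cnf.
REQUIRED = {  # expected subject elements, taken from the JITC list on this page
    "countryName": ["US"],
    "organizationName": ["U.S. Government"],
    "organizationalUnitName": ["DoD", "PKI", "Contractor"],
}

# Constructed sample: same fields as the page, but the third OU default is missing.
SAMPLE_CNF = """\
[ req ]
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                      = Country Name (2 letter code)
countryName_default              = US
0.organizationName               = Organization Name (eg, company)
0.organizationName_default       = U.S. Government
0.organizationalUnitName         = Organizational Unit Name 1 (eg, section)
0.organizationalUnitName_default = DoD
1.organizationalUnitName         = Organizational Unit Name 2 (eg, section)
1.organizationalUnitName_default = PKI
2.organizationalUnitName         = Organizational Unit Name 3 (eg, section)
commonName                       = Common Name (eg, YOUR name)
"""

def dn_defaults(cnf_text, section="req_distinguished_name"):
    """Return {field: [default values in file order]} for one section."""
    defaults, current = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()     # "[ name ]" -> "name"
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.endswith("_default"):
                # "0.organizationalUnitName_default" -> "organizationalUnitName"
                field = key[: -len("_default")].split(".")[-1]
                defaults.setdefault(field, []).append(value)
    return defaults

def missing_elements(cnf_text):
    """List required 'field=value' pairs that have no matching default."""
    found = dn_defaults(cnf_text)
    return [f"{field}={want}"
            for field, values in REQUIRED.items()
            for want in values
            if want.lower() not in (v.lower() for v in found.get(field, []))]

if __name__ == "__main__":
    print(missing_elements(SAMPLE_CNF))
```

An empty list means every required element has a default; CN is not checked because it is the server name supplied when the CSR is generated.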