Requesting a certificate without a signing request
Some Certificate Authorities do not accept signing request files. Instead, they generate the signing request internally on behalf of the requesting server and then sign it as one transaction. The CA then returns to the server two files, one containing the private key for the server to use and one containing the signed server certificate. In this example, the assumption of the two files is as follows:
About this task
- host.mycompany.com.crt: This is the file that contains the signed server certificate.
- host.mycompany.com.key: This is the file that contains the server's private key
To use these files, they must be converted to an industry standard PKCS12 keystore file.
The following steps describe how to request a certificate without a signing request
with the OpenSSL toolkit and openssl
commands. However, you can use
a different key management tool of your choice.
Procedure
openssl pkcs12 -export -in host.mycompany.com.crt -inkey host.mycompany.com.key -out host.mycompany.com.p12 -name "CA signed"
- The -in parameter specifies the file that contains the signed server certificate.
- The -inkey parameter specifies the file that contains the server's private key.