Requesting a certificate without a signing request

About this task

Some Certificate Authorities do not accept signing request files. Instead, they generate the signing request internally on behalf of the requesting server and then sign it as one transaction. The CA then returns two files to the server: one containing the private key for the server to use and one containing the signed server certificate. This example assumes that the two files are named as follows:

  • host.mycompany.com.crt: This is the file that contains the signed server certificate.
  • host.mycompany.com.key: This is the file that contains the server's private key.

Before these files can be used, they must be converted to an industry-standard PKCS12 keystore file.

The following steps describe how to complete this task with the OpenSSL toolkit and openssl commands. However, you can use a different key management tool of your choice.

Procedure

Use OpenSSL to convert the two files into a PKCS12 keystore file as follows:

openssl pkcs12 -export -in host.mycompany.com.crt -inkey host.mycompany.com.key -out host.mycompany.com.p12 -name "CA signed"

  • The -in parameter specifies the file that contains the signed server certificate.
  • The -inkey parameter specifies the file that contains the server's private key.
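
A check worth running before the conversion, shown as an added example that is not part of the original documentation: it confirms that the certificate and the private key returned by the CA belong together, then builds the keystore with the command above and verifies that it opens. The function names and the P12_PASS environment variable are assumptions, and the key file is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: function names and P12_PASS are assumptions, not product settings.

# Return 0 only when the public key inside the certificate ($1) is the
# public half of the private key ($2). Both are compared as PEM text.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build the PKCS12 keystore ($3) from certificate ($1) and key ($2).
# The keystore password is read from the exported variable P12_PASS so
# that it never appears on the command line or in shell history.
make_keystore() {
    crt=$1
    key=$2
    out=$3
    if [ -z "${P12_PASS:-}" ]; then
        echo "P12_PASS is not set" >&2
        return 1
    fi
    if ! cert_matches_key "$crt" "$key"; then
        echo "certificate and private key do not match" >&2
        return 1
    fi
    # umask 077 in a subshell: the keystore holds the private key, so it
    # is created readable by its owner only.
    (
        umask 077
        openssl pkcs12 -export -in "$crt" -inkey "$key" \
            -out "$out" -name "CA signed" -passout env:P12_PASS
    ) || return 1
    # Re-open the keystore to confirm that the password and MAC verify.
    openssl pkcs12 -in "$out" -noout -passin env:P12_PASS 2>/dev/null
}

# Usage, with the file names from this page:
#   P12_PASS='...'; export P12_PASS
#   make_keystore host.mycompany.com.crt host.mycompany.com.key host.mycompany.com.p12
```

Once the keystore is in place, the standalone .key file is a second copy of the private key and should be restricted or removed according to local policy.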