This document provides information on creating a certificate signing request (CSR) on your HyperCommerce unit, exporting the CSR for signing, and importing the signed certificate into HyperCommerce.
For support issues and concerns, please contact the CyberIQ Systems Customer Support Department.
The first step in the process is to generate a certificate signing request. During this step, HyperCommerce generates a public and private key pair. The certificate signing request, which carries the public key, is the portion that is submitted to VeriSign for signature.
To generate the CSR you will need to use the certificate signrequest command. In order to use the certificate signrequest command, you must be in the certificate context. To move to the certificate context, type certificate at the prompt.
Once you are in the certificate context, you will need to issue the certificate signrequest command. Before you can use this command, you will need the following information:
| pvt_key_name | This is the name assigned to the private key. Note: The name must end with the .pem extension. Example: private.pem |
| public_key_name | This is the name assigned to the public key. Note: The name must end with the .pem extension. Example: public.pem |
| country | Name of the country where the HyperCommerce unit is physically located. Note: You must use a two-letter country code. Example: US |
| state | Name of the state where the HyperCommerce unit is physically located. Note: The name of the state must be spelled out. Example: NewYork. If the state or province name is more than one word, you may only include the space between words if you enclose the state name in double-quotes. Example: "New York" |
| city | Name of the city where the HyperCommerce unit is physically located. Note: The name of the city must be spelled out. Example: BowlingGreen. If the city name is more than one word, you may include the space between words only if you enclose the city name in double-quotes. Example: "Bowling Green" |
| company | The legal name of the company. Note: Enter the company name as one word or surround the company name in double-quotes. Example: cyberiqsystemsinc or "CyberIQ Systems, Inc." |
| dept | The name of the department where the HyperCommerce unit resides. Note: Enter the department name. If the department name is more than one word, you may include the space between words only if you enclose the department name in double-quotes. Example: onlinesales or "Online Sales" |
| distinguished_name | The fully qualified domain name that you are securing. Example: www.cyberiqsys.com |
| email_address | The e-mail address of the system administrator or the authorized contact person for the certificate. |
| key_size | You may elect to create either a 512 or 1024 bit key. |
Using the information collected in the previous section, issue the certificate signrequest command from the CLI within the certificate context.
hcom[#]certificate> certificate signrequest <pvt_key> <public_key> <country> <state> <city> <company> <dept> <distinguished_name> <email_address> <key_size>
The certificate signing request is PEM-encoded text: Base64 data enclosed between the following BEGIN and END lines:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
After you generate a CSR, you will need to export the CSR and the private key from HyperCommerce so that you may submit the CSR to VeriSign. Use the certificate export command from within the certificate context.
To export the CSR:
hecom[#]certificate>certificate export <filename> <host> <user> <remote-dir>
The necessary parameters are defined below:
| filename | The name of the public key. |
| host | The target IP address where the CSR will be exported. |
| user | An account name on the target host. |
| remote-dir | A directory on the target host. |
To export the private key:
hecom[#]key>key export <filename> <host> <user> <remote-dir>
The necessary parameters are defined below:
| filename | The name of the private key. |
| host | The target IP address where the private key will be exported. |
| user | An account name on the target host. |
| remote-dir | A directory on the target host. |
Once you have exported your CSR, you will need to submit it during the enrollment process. Go to www.verisign.com/products/site/ss/index.html#128platforms to begin the enrollment process. When requested, you will need to paste a copy of your CSR into the form provided.
When your signed certificate is provided to you by VeriSign, you will need to import the certificate and the private key back into HyperCommerce. To import your certificate, you will use the certificate import command:
hecom[#]certificate>certificate import <cert_file> <key_file> <host> <user> <remote-dir>
The necessary parameters are defined below:
| cert_file | The signed certificate file. Example: public.pem |
| key_file | The private key file. Example: private.pem |
| host | The host IP address where the certificates are stored. This can be any FTP server. |
| user | An account name on the host machine. |
| remote-dir | The directory on the host machine where the certificates are located. |
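The export and import steps above move the CSR, the private key and the signed certificate between hosts, so it is worth confirming that the three files still belong together before submitting the CSR and before running certificate import. The following is an added example, not part of the original document or of HyperCommerce: it assumes the OpenSSL command-line tool on the host that holds the exported files and assumes the fully qualified domain name is stored as the subject commonName. All function names are hypothetical, and make_sample builds a constructed throwaway key and CSR for trying the checks.

```shell
# Added example, not vendor code. Assumes the OpenSSL CLI on the host that
# received the export, and that the FQDN is stored as the subject commonName.
pubkey_pem() {  # $1 = key|csr|cert, $2 = PEM file; prints the public key
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

same_key() {  # true only if both files parse and carry the same public key
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The CSR self-signature proves the requester holds the private key.
# The exit status differs across OpenSSL versions, so match the message.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_cn() {  # subject commonName of the CSR
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

csr_key_bits() {  # public key size in bits
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

check_csr() {  # before submitting: $1 = CSR, $2 = private key, $3 = FQDN
    csr_signature_ok "$1"       || { echo "CSR signature invalid"; return 1; }
    same_key csr "$1" key "$2"  || { echo "CSR does not match key"; return 1; }
    [ "$(csr_cn "$1")" = "$3" ] || { echo "commonName is not $3"; return 1; }
    echo "CSR ok, $(csr_key_bits "$1") bit key"
}

check_cert() {  # before 'certificate import': $1 = certificate, $2 = key
    same_key cert "$1" key "$2" || { echo "certificate does not match key"; return 1; }
    echo "certificate matches private key"
}

make_sample() {  # constructed throwaway key and CSR written into directory $1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/private.pem" \
        -out "$1/public.pem" -subj "/C=US/CN=www.cyberiqsys.com" 2>/dev/null
}
```

With the file names used in this document, the calls are check_csr public.pem private.pem www.cyberiqsys.com after the export, and check_cert with the signed certificate file and private.pem before the import.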
The final step in the process is to configure the clusters that will be using the new certificate. These clusters must be addressable by the distinguished name identified in Step 1. For example, if your distinguished name is www.cyberiqsys.com, then www.cyberiqsys.com/orders is a valid name, but www.orders.cyberIQsys.com is not. The host and domain must be identical.
If your clusters have not yet been created, you will need to use the cluster create command. For more information on creating clusters, please refer to the HyperCommerce System Administrator’s Guide.
If you have already created your clusters, use the cluster modify command to use the certificate with the cluster.
hcom[#]cluster>cluster modify <cluster_name> -sslservercertificate <server_certificate_file_name> -sslpvtkey <private_key_file_name>
The necessary parameters are defined below:
| cluster_name | Name of the cluster to be modified. |
| server_certificate_file_name | Full path of the security certificate file associated with the cluster, that is, with the Web site associated with the cluster. |
| private_key_file_name | Full path of the private key file associated with the cluster. The cluster must support the HTTPS gateway. |
Copyright © 2000, CyberIQ Systems™
CyberIQ Systems, Inc
225 Baypointe Parkway
San Jose, CA 95134-1627
(408) 434-4600
www.cyberiqsys.com