Product Manual — Doc. 8559B 4-Series™ Control Systems • 173
CA-Signed Certificates
A CA-signed certificate starts with a certificate request. The request can be generated by the
control system, or it can be generated via an external process. When installing the signed
certificate, the only difference is that the external process also produces a private key that is
installed along with the certificate.
The following procedures are used to obtain and load a CA-signed certificate to the control
system.
Generate a Certificate Signing Request (CSR)
To generate a certificate signing request, issue the createcsr c:st:l:o:ou:cn:e [-
i:option] command, where the following parameters are replaced with the appropriate data
that should appear in the certificate:
NOTE: Any parameter that is not required can be left blank as needed.
l
c - The two letter country code (corresponding to ISO 3166)
l
st - State or province name
l
l - Locality or city name
l
o - Organization name (required)
l
ou - Organizational or unit name
l
cn - Common name (required)
NOTE: The common name is not transferable, and thus must be one that is used by
clients.
l
e - Email address
l
-i - Ignores blank parameters in the CSRrequest. Valid values are true and false.
By default, a certificate request for a certificate with a 2048-bit RSA signature is requested. The
CSR "request.csr" file is saved automatically to the internal \sys directory of the control system.
To Next Page
Loading...
