Generating a certificate using the OpenSSL utility

Members of the System can generate a certificate request themselves, using the OpenSSL library on their own PC.

After installing the library, you need to create a configuration file config.cnf with the following contents:

[req]
default_bits = 2048
distinguished_name = dn
prompt = no
req_extensions = ext

[dn]
O = WM Transfer Ltd
OU = WM Transfer Certification Services
CN = WM id: "Enter your WMID" 
emailAddress = "Enter your Email" 

[ext]
extendedKeyUsage = clientAuth

After that, you should run this command in the directory with the config file:

openssl req -new -newkey rsa -keyout private.key -out request.csr -config config.cnf

This creates two files:

  • private.key - your private key, which should not be shared with anyone
  • request.csr - the certificate request file, which needs to be sent to technical support

Attention! During generation you will be asked to set a password. You must remember this password! It protects private.key and is requested whenever the key is used.

You need to send the request.csr file to the technical support team for signing.

Technical support will verify the request and, if everything is in order, sign it and send you the public part in a reply.

Having both the private and the public part, you can now create an X.509 certificate file in PKCS#12 format (client.pfx) using this command:

openssl pkcs12 -export -out client.pfx -inkey private.key -in client.crt
where client.crt is the file you received from the support team. Its name may be different.
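
The script below is an added example, not part of the original instructions. It runs the same procedure with two checks: that request.csr is well formed before it is sent, and that the returned certificate belongs to private.key before client.pfx is built. The WMID, e-mail address and pass phrase are constructed placeholders, and a self-signed certificate stands in for the file returned by support.

```shell
#!/bin/sh
# Added example, not part of the original instructions. The WMID, e-mail
# address and pass phrase below are constructed placeholders.
set -eu
PASS='constructed-pass-phrase'   # demo only; interactive use prompts instead

# Print the RSA modulus held in a key (rsa), CSR (req) or certificate (x509).
modulus() {
    case "$1" in
        rsa) openssl rsa -in "$2" -noout -modulus -passin "pass:$PASS" ;;
        *)   openssl "$1" -in "$2" -noout -modulus ;;
    esac 2>/dev/null
}

# True if the CSR's self-signature verifies and it requests clientAuth.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' &&
    openssl req -in "$1" -noout -text | grep -q 'TLS Web Client Authentication'
}

# True if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    m=$(modulus x509 "$1") && [ -n "$m" ] && [ "$m" = "$(modulus rsa "$2")" ]
}

# Run the page's procedure in directory $1, with a check before each hand-off.
make_bundle() (
    cd "$1"
    printf '%s\n' '[req]' 'default_bits = 2048' 'distinguished_name = dn' \
        'prompt = no' 'req_extensions = ext' '[dn]' 'O = WM Transfer Ltd' \
        'OU = WM Transfer Certification Services' 'CN = WM id: 000000000000' \
        'emailAddress = user@example.com' '[ext]' \
        'extendedKeyUsage = clientAuth' > config.cnf
    openssl req -new -newkey rsa -keyout private.key -out request.csr \
        -config config.cnf -passout "pass:$PASS" 2>/dev/null
    csr_ok request.csr                      # check before sending to support
    # Stand-in for the reply from support: a self-signed certificate.
    openssl x509 -req -in request.csr -signkey private.key \
        -passin "pass:$PASS" -days 1 -out client.crt 2>/dev/null
    cert_matches_key client.crt private.key # check before building the .pfx
    openssl pkcs12 -export -out client.pfx -inkey private.key -in client.crt \
        -passin "pass:$PASS" -passout "pass:$PASS"
)

WORK=$(mktemp -d)
make_bundle "$WORK"
echo "client.pfx written to $WORK"
```
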

See also:
Personal certificate