Creates a server certificate request and corresponding private key. This utility can be used in interactive mode, or you can provide all optional parameters on the command line. Located in $SYBASE/ASE-12_5/bin.
In Windows NT, the utility is certreq.exe,
and is located in %SYBASE%\ASE-12_5\bin.
certreq [-F input_file] [-R request_filename] [-K PK_filename] [-P password]
Or
certreq -v
specifies the file name that contains attribute information to build a certificate request. If you do not specify an input_file name, the required information must be interactively entered by a user.
The input_file needs an entry for each of the following:
req_certtype={Server,Client}
req_keytype={RSA,DSA}
req_keylength={for RSA: 512-2048;
for DSA: 512,768,1024}
req_country={string}
req_state={string}
req_locality={string}
req_organization={string}
req_orgunit={string}
req_commonname={string}
The common name must be the same as the server name.
See Example 2 for a sample file called input_file.
specifies the name for the certificate-request file.
specifies the name for the private-key file.
specifies the password used to protect the private key.
displays the version number and copyright message, then exits.
This example does not use the -F input_file parameter, and is therefore in interactive mode. To create a server certificate request (server_req.txt) and its private key (server_pkey.txt), enter:
certreqChoose certificate request type:
S – Server certificate request
C – Client certificate request (not supported)
Q – Quit
Enter your request [Q] : s
Choose key type: R – RSA key pair
D – DSA/DHE key pair
Q – Quit
Enter your request [Q] : r
Enter key length (512, 768, 1024 for DSA; 512-2048 for RSA) : 512
Country: US
State: california
Locality: emeryville
Organization: sybase
Organizational Unit: dst
Common Name: server
The utility returns the message:
Generating key pair (please wait) . . .
After the key pair is generated, the certreq utility prompts you for more information.
Enter password for private key : password
Enter file path to save request: server_req.txt
Enter file path to save private key : server_pkey.txt
In this sample text file, the format, tag=value, is used for noninteractive entry for a certificate request. You can use the -F option for noninteractive mode. When you use the -F option, be sure to use valid values and follow the format described above. Failure to do so prevents the certificate from being built correctly.
certreq -F input_file
req_certtype=server req_keytype=RSA req_keylength=512 req_country=us req_state=california req_locality=emeryville req_organization=sybase req_orgunit=dst req_commonname=server
After you create and save this file, enter on the command line, where path_and_file is the location of the text file:
certreq -F path_and_file -R server_req.txt -K server_pkey.txt -P password
This file creates a server certificate request, server_req.txt, and its private key, server_pkey.txt which is protected by password.
You can edit the server certificate file with any standard ASCII text editor.
The input file uses the format of tag=value. tag is case-sensitive and should be the same as described above.
The “=” is required. Valid value should start with a letter or digit, must be a single word, and there should not be any spaces within value.
value is required for req_certtype, req_keytype, req_keylength and req_commonname.
The space or tab around <tag>, = and value is allowed. Blank lines are also allowed.
Each comment line should start with #.
The certificate request file is in PKCS #10 format and used as acceptable input for the certauth tool to convert the request to a CA-signed certificate.
Utilities – certauth, certpk12
