Obtaining a Certificate for a server, node, or application

 
The process is quite simple. Send an e-mail to the SensorNetCA requesting a certificate. The e-mail should contain:
  • The ip name of your server or node, or the name of the application
  • Your name and e-mail address
  • Your phone number
  • Your Organization
  • Your Organizational Unit
  • Your City
  • Your State
  • Your Country

The key store for your server will be generated by the CA, and is ready to use when you receive it.
It is easiest if you get a .p12 certificate. This will be the default unless you ask for something else (PEM). If you do NOT want a pkcs#12 certificate, you will have to create a certificate signing request on your host. Otherwise this is not necessary.

When your request is approved, I will mail you a link to download the certificate. The certificate will be protected using the password in the e-mail. It is best if you change this to a different (but good) password.

It should not be necessary to do so, but if you need to extract the private key from the PKCS12 (.p12) file, follow these steps:

  • Convert the P12 to PEM format with the openssl 'pkcs12' utility:
    $ openssl pkcs12 -in TestNode.p12 -out TestNode.pem
  • This will prompt you for a password for the PEM file which must be used when processing the PEM file with openssl utilities.
  • The PEM file contains the private key. Copy everything between and including the lines
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    and store in a file with a .key extension.