The process is quite simple. Send an e-mail to the
SensorNetCA requesting a certificate. The e-mail should contain:
- The ip name of your server or node, or the name of the
application
- Your name and e-mail address
- Your phone number
- Your Organization
- Your Organizational Unit
- Your City
- Your State
- Your Country
The key store for your server will be generated by the CA, and
is ready to use when you receive it.
It is easiest if you get a .p12 certificate. This will be the default
unless you ask for something else (PEM). If you do NOT want a pkcs#12
certificate, you will have to create a certificate signing request on
your host. Otherwise this is not necessary.
When your request is approved, I will mail you a link to
download the certificate. The certificate will be protected using the
password in the e-mail. It is best if you change this to a different
(but good) password.
It should not be necessary to do so, but if you need to
extract the private key from the PKCS12 (.p12) file, follow these
steps:
- Convert the P12 to PEM format with the openssl 'pkcs12'
utility:
$ openssl pkcs12 -in TestNode.p12 -out TestNode.pem
- This will prompt you for a password for the PEM file which
must be used when processing the PEM file with openssl utilities.
- The PEM file contains the private key. Copy everything
between and including the lines
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
and store in a file with a .key extension.
|