
CSR on Windows 2003 Server

Explorer

What is the procedure for generating a CSR on a Windows 2003 server for Splunkweb?

0 Karma

Re: CSR on Windows 2003 Server

Motivator

The admin manual details how to generate a Certificate Signing Request. Here is a snippet from the 4.12 admin manual as it exists today:


Generate a CSR (Certificate Signing Request)

If your organization requires that your Splunk deployment use a certificate signed by an external CA or you otherwise wish to use certificates signed by a root certificate other than the default Splunk authority, you can use the following procedure to generate the CSR to send to the CA:

openssl req -new -key [certificate name].pem -out [certificate name].csr

You are prompted for the following X.509 attributes of the certificate:

* Country Name: Use the two-letter code without punctuation for country, for example: US or GB.
* State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
* Locality or City: The Locality is the city or town name, for example: Oakland. Do not abbreviate. For example: Los Angeles, not LA, Saint Louis, not St. Louis.
* Company: If your company or department contains an &, @, or any other non-alphanumeric symbol that requires you to use the shift key, you must spell out the symbol or omit it. For example, Fflanda & Rhallen Corporation would be Fflanda Rhallen Corporation or Fflanda and Rhallen Corporation.
* Organizational Unit: This field is optional; but you can specify it to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter.
* Common Name: The Common Name is the Host + Domain Name, for example www.company.com or company.com. This must match the host name of the server where you intend to deploy the certificate exactly. 

This creates a private key ([certificate name].key), which is stored locally on your server, and a CSR ([certificate name].csr), which contains the public key associated with the private key. You can then use this information to request a signed certificate from an external CA.

To copy and paste the information into your CA's enrollment form, open the .csr file in a text editor and save it as a .txt file.

Note: Do not use Microsoft Word; it can insert extra hidden characters that alter the contents of the CSR.


Re: CSR on Windows 2003 Server

Legend

In general you can use whatever procedure you want. In the end, you will need three items to configure Splunk though:

  • Your cert private key, saved in PEM format, without a password. This will be generated when you create your CSR. You can use the openssl tool to convert certificate formats and to remove passwords.
  • Your public key certificate, also in PEM format, which you will receive from your CA.
  • The CA's public key or public key chain, again in PEM, which should be readily available from them.

However you can get these items doesn't matter to SplunkWeb.

0 Karma
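The steps discussed in this thread, as an added example that is not part of any post or of the Splunk manual: it creates the key and CSR, then checks the points the answers call out (no passphrase on the key, CSR bound to that key, Common Name equal to the host name). It is written for a POSIX shell, and the function names, file names, subject values and the KEY_PASS variable are assumptions; the openssl invocations take the same arguments at a Windows prompt.

```shell
#!/bin/sh
# Added example. Function names, file names, subject values and KEY_PASS
# are constructed for illustration.

# Create an unencrypted 2048-bit RSA key and a CSR for it. -subj supplies
# the X.509 attributes that openssl would otherwise prompt for.
# $1 = base name for the output files, $2 = subject in -subj form
make_key_and_csr() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    chmod 600 "$1.key" &&
    openssl req -new -key "$1.key" -out "$1.csr" -subj "$2"
}

# Succeeds only if the PEM key carries no passphrase. Encrypted keys are
# marked in their header lines (traditional and PKCS#8 forms respectively).
key_is_unencrypted() {
    ! grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY)' "$1"
}

# Write a passphrase-free copy of key $1 to $2. The passphrase is read from
# the KEY_PASS environment variable so it never appears in the process list.
strip_passphrase() {
    ( umask 077 && openssl pkey -in "$1" -passin env:KEY_PASS -out "$2" )
}

# Succeeds only if CSR $1 has a valid self-signature and holds the public
# key that belongs to private key $2.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds only if the CSR's Common Name is exactly host name $2.
csr_has_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$2"
}

# Usage (constructed values):
#   make_key_and_csr splunkweb '/C=US/ST=California/L=Oakland/O=Example Corporation/CN=splunk.example.com'
#   key_is_unencrypted splunkweb.key && csr_matches_key splunkweb.csr splunkweb.key &&
#       csr_has_common_name splunkweb.csr splunk.example.com && echo "CSR ready to submit"
```

The private key stays on the server; only the .csr file goes to the CA.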