No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to generate BMU signed certificate by CA center

Publication Date:  2016-03-01 Views:  116 Downloads:  0
Issue Description

customer inquire how to generate BMU signed certificate by CA center,for there is not detailed instruction in the product document.

Solution

BMU CA signed certificate generate guide

Catalogue

BMU CA signed certificate generate guide. 1

1.1         Generate private key file. 1

1.2         generate certificate application bmu_cert.csr. 2

1.3         apply signed certificate in CA.. 3

1.4         import signed certificate and private key to certificate library. 3

1.5         reason why BMU still display alarm after import the signed certificate. 3

1.6         appendix. 4

1.6.1          install openssl in Windows. 4

1.6.2          CA generate signed certificate depend on certificate application file. 4

1.6.3          how to get CA root certificate. 7

1.6.4          how to get CSR self-signed certificate by certificate application. 9

 

1.1      Generate private key file

premise Openssl tool is installedrefer install openssl in Windows

Step1.                 Go to openssl installation path/bin/double click openssl.exe

Step2.                 Use command to generate private key

                        genrsa -aes256 -out bmu_private.key 2048

Step3.                 When prompt fill in private key password, please fill in password. For example, here is bmu123456

Step4.                 bmu_private.key will be generated at the same level path with openssl.exe

1.2      generate certificate application bmu_cert.csr

Step1.               At openssl.exe command line:

       req -new -key bmu_private.key -config D:\tools\openssl\share\openssl.cnf -days 3650 -sha256 -out bmu_cert.csr

the red path is openssl.cnf actual pathopenssl installation path/share/openssl.cnf

must make the signature algorithm is sha256 or high, or else the Chrome will alarm.

Step2.               When prompt fill in private key password, please fill in bmu 123456.

               

Note

1.       Common Name option must be the same with the ip or domain you visited in browser.

 

2.       Email Address, challenge and optional company name, please do not fill in, just enter.

Step3.               Other configuration please refer to the screenshot

So at the same level path with openssl.exe generated certificate application filecsr file includes public key:

1.3      apply signed certificate in CA

Step1.                 Submit bmu_cert.csr file to customer, apply signed certificate, please refer to appendix1.6.2

Step2.                 Request  cer filenamed bmu_cert.cer

Step3.                 Request  CA root certificatenamed CA.cer

Refer to appendix1.6.3

1.4      import signed certificate and private key to certificate library

Step1.                 The file we already got

CA root certificateCA.cer

Server certificatebmu_cert.cer

Server private keybmu_private.key

Private key passwordgenerate bmu_private.key used passwordfor example : bmu123456

 

Step2.                 If all these files are ok, refer to the eSpace UC V200R003 product document------ Converting the BMU Digital Certificate and Replacing the BMU Digital Certificate

 

Noteif customer laptops are already installed root certificate, then the Replacing the BMU Digital Certificate the 7th step no need to do.

1.5      reason why BMU still display alarm after import the signed certificate

when browser get the BMU server sent certificate, verify as below:

Step1. Get the BMU certificate licensor information

Step2. Search the licensor from system trusted list. If searched, think the certificate is legal, or else, think the licensor is illegal. Then think the certificate is illegal.

process methoddepend on CA root certificate. Refer to Replacing the BMU Digital Certificate the 7th step to operate.

Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities, click Import, and select the root certificate that has been applied for, such as root_cert.cer

1.6      appendix

1.6.1        install openssl in Windows

download linkhttp://gnuwin32.sourceforge.net/packages/openssl.htm

1click Complete package, except sources  Setup link

2download openssl-0.9.8h-1-setup.exe

       3installation path only include English and digit

       4installation path \bin , double click openssl.exe

 

Install guidehttp://gnuwin32.sourceforge.net/install.html

1.6.2        CA generate signed certificate depend on certificate application file

Step1.               the certificate request file “bmu_cert.csr” to your CA server.

Step2.               Open this URL in Internet Explorer: https://127.0.0.1/certsrv

Step3.               Select Request  a certificate.

Step4.               Select advanced certificate request.

Step5.               Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 files.

Step6.               Using a text editor like Notepad, open “bmu_cert.csr”.

Paste the content of the CSR into the Certificate Request text box.

Certificate template:  Web Server

Select Submit.

Step7.               Downloading the Signed Certificate from CA Server

In Administrative Tools, open the Certification Authority. The Certificate Request that you have just issued will be displayed in Issued Requests.

Right click the request and select Open.

Select the Details tab.

Select “Copy to File”.

Continue the steps by following the below table.

Save the certificate to the local disk.

Step8.               Continue the steps by following the below table.

Window

Configuration Steps

Export File Format Window

 

Select Base-64 encoded X.509.

Select Next.

File to Export Window

 

Enter the location where you want to store the certificate and use cert.cer for the certificate name, for example, c:\cert.cer

Select Next.

Certificate Export Wizard Completion Window

 

Review the summary information and verify that the export was successful.

Select Finish.

 

 

 

 

 

 

 

 

 

 

 

 

 

1.6.3        how to get CA root certificate

Step9.               Open the URL specific to your CA windows platform type:

https://127.0.0.1/certsrv

Step10.            Select Download a CA certificate, certificate chain, or CRL.

Step11.            For the Encoding Method, select Base 64,then Download CA Certificate.

Step12.            Save the certificate to the local disk.

 

 

1.6.4        how to get CSR self-signed certificate by certificate application

use openssl  x509 commandimport own private key to generate. When prompt fill in private key password, just fill in.

>x509 -req -in bmu_cert.csr -out bmu_cert.crt -signkey bmu_private.key -days 3650

END