Chapter 4 — Configuring the Library
2. The BlueScale web server must use an RSA private key and cannot use
August 2019
Organizational Unit Name (eg, section) []: DVT Test
Common Name (e.g. server FQDN or YOUR name) []:
T950V@company.com
Email Address []: support@company.com
Request a Certificate Using a Certificate Signing Request
Request a security certificate and the authentication key from your
signing authority and process the key for use in with the BlueScale
software.
a. Request a certificate from www.verisign.com,
www.instantssl.com, www.letsencrypt.org or another SSL
certificate vendor to obtain the certificate. For example, to
generate a certificate signing request using openssl, use the
following command:
openssl req ‐newkey rsa:2048 ‐nodes
‐subj ʺ/C=US/ST=Colorado/L=Boulder/O=Spectra/CN=DVT‐
T950Vʺ ‐out ssl.csr ‐keyout ssl.key
The openssl req command is a certificate request and certificate
generating utility. The following parameters are used in the
example:
‐newkey rsa:nbits ‐ Generates a new certificate signing request
and a new RSA private key nbits in size. The Library supports
RSA keys in bits of 512, 768, 1024 and 2048.
‐nodes ‐ This option specifies that the private key not be
encrypted.
‐subj ʺargʺ ‐ This option provides the answers to many of the
prompts shown in the example above.
‐keyout filename ‐ This option specifies the private key file
name.
‐out filename ‐ This option specifies the certificate signing
request file name.
b. Send the certificate signing request to the signing authority. A
certificate named ssl.crt and a key named ssl.key will be
returned.
a key with a passphrase. If the private key does not include BEGIN RSA
PRIVATE KEY in the header or uses a passphrase, rename the key to
original_ssl.key and issue the following command.
openssl rsa ‐in original_ssl.key ‐out ssl.key
If the key has a passphrase, issuing this command prompts you for the
passphrase.
Configuring Optional Library Settings
User Guide—Spectra T950V Library
114