Creating a User Interface Certificate Guide (7.3.0) - RFC
I had to create both a user interface certificate and a subordinate CA from our internal Windows CA and had a few issues. I have managed to fix it with the aid of various posts on this forum and trial & error but thought it may be useful to create a definitive guide so here goes... This guide is for creating the User Interface Certificate. I have posted another for the Subordinate CA.
As the title of the post suggest, it's an RFC too so please comment Version is 7.3.0 (13875)
I based this on information in the following posts and my own trial & error:
1. Export your internal CA from your PC certificate store. Importing the certificate chain does not work so export in Base-64 encoded. 1.1. On your PC > MMC > Add Certificates snap-in > either My user account or Computer account
1.3. Highlight _your_internal_CA_ > right-click > All Tasks > Export 1.4. Select Base-64 encoded > Next > save locally
2. Logon to the mwg via ssh
3. Run this command to create the csr & create a PEM pass phrase:
openssl req -out testmgw.csr –new
[root@MWG ~]# openssl req -out testmgw.csr -new Generating a 2048 bit RSA private key .....................+++ .........+++ writing new private key to 'privkey.pem' <---Note that private key is being created here Enter PEM pass phrase: <---Enter suitable passphrase Verifying - Enter PEM pass phrase: <---Confirm passphrase ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: <---Change to site country State or Province Name (full name) : <---Change to site location or leave blank Locality Name (eg, city) [Default City]: <---Change to site city or leave blank Organization Name (eg, company) [Default Company Ltd]: <---Change to co. name Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) : <---Enter either servername/ IP here Email Address :
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : <---Leave blank An optional company name : <---Leave blank [root@MWG ~]#
4. Create an RSA private key by running the openssl command below & fill in the details
Re: Creating a User Interface Certificate Guide (7.3.0) - RFC
All steps are working for me but since we have a root and intermediate certificate, I am still receiving a certificate error (that I can bypass) with FF. I have tried to import a certificate chain (p7b) but as state in your document, it is not working. Is there a way to import a certificate chain for the GUI Cert???
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.