This page describes how to generate a CSR file intended to enable ClickOnce deployment. A signing Certificate Authority later turns the CSR into a certificate.
A private key is the secret which is used to prove that a server truly is the owner of its certificate. The private key and the certificate (which contains the corresponding public key) are the basis of the Public Key Infrastructure (PKI). A Certificate Signing Request (CSR) is a request from a private key owner for a certificate. The CSR is signed by a Certificate Authority to create a certificate.
Follow these steps to create a CSR using the openssl tool, which is located in the <ifs_home>\openssl\bin folder.
    @echo off
    SET OPENSSL_PATH=C:\ifs\openssl\bin
    SET PATH=%OPENSSL_PATH%;%PATH%
    REM RSA key size in bits. Public CAs reject RSA keys shorter than
    REM 2048 bits; raise this value if your CA requires it.
    SET KEYLENGTH=1024
    SET KEYFILE_PWD=clickonce_protected.key
    SET KEYFILE=clickonce.key
    SET CSRFILE=clickonce.csr
    SET CSRCONFIG=opensslconf_clickonce_csr.txt

    REM Step 1: generate the passphrase-protected (3DES) RSA private key.
    if exist %KEYFILE_PWD% goto SKIP_KEYFILE_PWD
    echo **
    echo ** File %KEYFILE_PWD% will be created.
    echo ** You will have to choose a passphrase for it.
    echo **
    openssl genrsa -des3 -out %KEYFILE_PWD% %KEYLENGTH%
    :SKIP_KEYFILE_PWD

    REM Step 2: write a copy of the key without passphrase protection.
    if exist %KEYFILE% goto SKIP_KEYFILE
    echo **
    echo ** File %KEYFILE% will be created.
    echo ** You will have to enter passphrase used to create %KEYFILE_PWD%.
    echo **
    openssl rsa -in %KEYFILE_PWD% -out %KEYFILE%
    :SKIP_KEYFILE

    REM Step 3: edit the request configuration, then create the CSR.
    if exist %CSRFILE% goto SKIP_CSR
    echo **
    echo ** Create %CSRCONFIG% and enter usefull req_distinguished_name
    echo ** information, describing the enterprise.
    echo ** Save file, then press enter to continue.
    echo **
    notepad %CSRCONFIG%
    pause
    openssl req -new -key %KEYFILE% -out %CSRFILE% -config %CSRCONFIG%
    :SKIP_CSR

    echo **
    echo ** Certificate Signing Request (CSR) created successfully.
    echo **
    pause

    [ req ]
    default_bits = 1024
    default_keyfile = keyfile.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    prompt = no
    output_password = mypass

    [ req_distinguished_name ]
    C = GB
    ST = Test State or Province
    L = Test Locality
    O = Organization Name
    OU = Organizational Unit Name
    CN = Common Name
    emailAddress = test@email.address

    [ req_attributes ]

    **
    ** File clickonce_protected.key will be created.
    ** You will have to choose a passphrase for it.
    **
    Loading 'screen' into random state - done
    Generating RSA private key, 1024 bit long modulus
    ...............++++++
    ...++++++
    e is 65537 (0x10001)
    Enter pass phrase for clickonce_protected.key:
    Verifying - Enter pass phrase for clickonce_protected.key:
    **
    ** File clickonce.key will be created.
    ** You will have to enter passphrase used to create clickonce_protected.key.
    **
    Enter pass phrase for clickonce_protected.key:
    writing RSA key
    **
    ** Create opensslconf_clickonce_csr.txt and enter usefull req_distinguished_name
    ** information, describing the enterprise.
    ** Save file, then press enter to continue.
    **
    Press any key to continue . . .
    **
    ** Certificate Signing Request (CSR) created successfully.
    **
    Press any key to continue . . .

Note that the files clickonce_protected.key, clickonce.key, opensslconf_clickonce_csr.txt and clickonce.csr have now been created. The .key files are private and must not be compromised, so ensure that they are protected (restrictive file permissions etc.). The clickonce.csr file is public and should be sent to your Certificate Authority, which will create a certificate for you.
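
Before the CSR is sent to the Certificate Authority, it can be checked against the key, and the restrictive file permissions mentioned above can be applied. The batch file below is an added example, not part of the original script. It assumes the file names used by the script above, that the current Windows user is the only account that needs to read the key files, and that scratch files may be written to %TEMP%.

```batch
@echo off
setlocal
SET OPENSSL_PATH=C:\ifs\openssl\bin
SET PATH=%OPENSSL_PATH%;%PATH%
SET KEYFILE_PWD=clickonce_protected.key
SET KEYFILE=clickonce.key
SET CSRFILE=clickonce.csr
REM Scratch files (assumed names); they hold only the public modulus.
SET KEYMOD=%TEMP%\clickonce_key.mod
SET CSRMOD=%TEMP%\clickonce_csr.mod

REM 1. The CSR's self-signature must verify. openssl reports the result on
REM    stderr, so match the text instead of relying on the exit code.
openssl req -in %CSRFILE% -noout -verify 2>&1 | findstr /C:"verify OK"
if errorlevel 1 goto FAIL

REM 2. The CSR must contain the public half of %KEYFILE%: compare RSA moduli.
openssl rsa -in %KEYFILE% -noout -modulus > "%KEYMOD%"
openssl req -in %CSRFILE% -noout -modulus > "%CSRMOD%"
fc "%KEYMOD%" "%CSRMOD%" > nul
if errorlevel 1 goto FAIL

REM 3. Print subject and key size for a last manual review before submission.
openssl req -in %CSRFILE% -noout -subject
openssl req -in %CSRFILE% -noout -text | findstr /C:"Public-Key" /C:"Public Key"

REM 4. Remove inherited ACL entries from both key files and leave read
REM    access for the current user only.
icacls %KEYFILE% /inheritance:r /grant:r "%USERDOMAIN%\%USERNAME%:(R)"
icacls %KEYFILE_PWD% /inheritance:r /grant:r "%USERDOMAIN%\%USERNAME%:(R)"

echo ** CSR matches %KEYFILE%; key file permissions restricted.
goto CLEANUP

:FAIL
echo ** CSR check failed: do not send %CSRFILE% to the Certificate Authority.

:CLEANUP
if exist "%KEYMOD%" del "%KEYMOD%"
if exist "%CSRMOD%" del "%CSRMOD%"
endlocal
```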