Request a certificate for KC Plug-In using OpenSSL
In this example, OpenSSL is used to generate a certificate for KC Plug-In.
-
Use OpenSSL to request a certificate (assuming Windows binary distribution of OpenSSL).
-
Generate an RSA private key.
C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048
This command generates a private key file with the file name my_key.key and a key length of 2048 bits.
-
Generate a Certificate Signing Request (CSR).
C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf
This command uses the my_key.key file to create the CSR my_request.csr.
-
Generate a self-signed public certificate based on the request.
C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt
This command uses the private key and certificate signing request to create a self-signed public certificate (my_cert.crt).
-
Generate a PKCS#12 file.
C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name "my-name"
-
Generate an RSA private key.
-
Start Certificates MMC Snap-In for computer account:
- Start MMC, for example, by running mmc.exe from the Start menu.
- On the File menu, select Add/Remove Snap-In.
- Click Add and select Certificates. Click Add again.
- Select Computer account. Click Next.
- Select Local computer. Click Finish.
- Click Close and click OK.
- Install the certificate to the Personal\Certificates folder for computer account.
- Display the details of the certificate and copy the value of its thumbprint into KC Plug-In configuration. See Configure web service.
- Restart KC Plug-In.