Creating your Certificate Signing Request (CSR) File


To obtain an X.509 certificate from EnOS CA, you need to create a CSR file in your device or application.


The following procedure uses OpenSSL as an example to create a CSR:

  1. Generate a key pair.

    openssl genrsa -out <key_name>.key 2048

    Note

    You MUST use RSA algorithm with 2048 bits to generate the key pair. <key_name> is the name of the key, for example, deviceCert.key.


  2. Create a CSR for your device or application.

    openssl req -new -key <key_name>.key -out <csr_name>.csr -sha256

    Note

    The <key_name>.key file is the key that you generated in step 1 and <csr_name> is the csr file name, for example, deviceCert.csr.


  3. Provide information for the following.

    CSR file information

    Subject Field

    Mandatory?

    Description

    Max Length

    Corresponding Initials

    Country Name

    Yes

    The country code. For the specific country code, see Country code

    2 characters

    C

    State or Province Name

    Yes

    The state or province name, for example, Guizhou

    64 characters

    ST

    Locality Name

    Yes

    The locality name, for example, Kaili

    64 characters

    L

    Organization Name

    Yes

    The organization name

    64 characters

    O

    Organizational Unit Name

    Yes

    The department name

    64 characters

    OU

    Common Name

    Yes

    The certificate common name. When applying for a new certificate, ensure that the common name is unique; it cannot duplicate the common name of any existing device or application.

    64 characters

    CN

    Email Address

    No

    Email Address

    64 characters

    EA


Note

  • There might be times when information for fields other than the ones listed in the table needs to be provided. When this occurs, you can press enter directly to skip it.

  • When updating the certificate for an existing device/application, use the Common Name in the old CSR.