Creating your Certificate Signing Request (CSR) file¶
To obtain an X.509 certificate from the EnOS CA, you need to create a CSR file in your device or application.
The following procedure uses OpenSSL as an example to create a CSR:
Generate a key pair.
openssl genrsa -out <key_name>.key 2048
You MUST use RSA algorithm with 2048 bits to generate the key pair.
<key_name>is the name of the key, for example,
Create a CSR for the your device or application.
openssl req -new -key <key_name>.key -out <csr_name>.csr -sha256
<key_name>.keyfile is the key that you generated in step 1 and
<csr_name>is the csr file name, for example,
You will be prompted with information as follows:
Country Name (2 letter code) [AU]: State or Province Name (full name) : Locality Name (for example, city) : Organization Name (for example, company) : Organizational Unit Name (for example, section) : Common Name (e.g. server FQDN or YOUR name) : Email Address :
- You MUST follow the rules defined by CA:
- All the subject fields except Email Address are required.
- Ensure that the subject fields Country Name (C), State or Province Name (ST), and Organization Name (O) are consistent with the CA root certificate.