OpenSSL and client-side CSR generation
I need a favor. My infrastructure is IIS 6.0 and Windows Server 2003.
I need to investigate the use of OpenSSL and the creation of media that can be sent to end users, allowing them to create CSRs, and also create documentation to support CSR signing.
What I mean is I need to send a CD to the end user using a script that can generate CSR and private key on their machine based on my Publickey CAs.
-
the client can run the utility sent by me via some CD or DVD (maybe an openSSL script) needs to take some parameters for the end user to provide the keyword / password data.
-
The script will generate a private key and CSR for my company through a secure way (maybe via email, I know this is insecure, but some how they send us a CSR)
-
We get the CSR and we sign it and go back to the client.
So I need to document this so the end user can understand what he is doing.
So my question is where can I send the script to be sent to the client so that it can generate its own CSR and PrivateKey.
Take a look at the openssl req command . Call req in script and provide ssl config file in -config option. req will ask the user for the necessary information and write the request to a file (which you also specify on the command line).
Edit : you can download openssl from http://www.slproweb.com/products/Win32OpenSSL.html Read the req man page.
source to share