× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2016

Re: Generating CSR AND public key for Letsencrypt

Thanks Tim. None of my websites would be considered "production" so using Letsencrypt is pretty much an attempt to familiarize myself a bit with it. Longer term I'd like to use some API hooks to DCM to automate the whole thing but, one step at a time here.....

The part I am still a little fuzzy on is how running openssl, apart from DCM, would work. I would think that DCM would have a private/public keystore that would have to match the private/public keys used by openssl. So I didn't think it would be possible to run *anything* outside of DCM and get a happy result....but then, I am not 100% conversant in public/private keys and SSL...

I'll give your instructions whirl and let you know how it goes...

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
LinkedIn - www.linkedin.com/in/petehelgren
Twitter - Sys_i_Geek IBM_i_Geek

On 10/21/2016 10:00 AM, Tim Bronski wrote:
Yes you can do it but it's a pain. IMO for a "production" web site it's not worth the effort for the relatively low $ it costs to get from from someone like GoDaddy. That said, this is how I do it for a test server. I'll presume you're familiar with openssl. I use the windows binaries that sometimes take slightly different command parms.

Use openssl to generate a public key pair with the genrsa option and store the output in a file (mykeypair).

Create your CSR in DCM. If the CSR is titled "----BEGIN NEW CERTIFICATE REQUEST-----" change it to "-----BEGIN CERTIFICATE REQUEST-----". Similarly for the END marker.

On the https://gethttpsforfree.com/ web page fill in the email address, your public key (mykeypair.pub) and cut and paste the modified CSR.

Now go through the signing requests. I cut and paste the quoted text from the strings into a file (tosign.txt) and then use this:

openssl dgst -sha256 -hex -sign mykeypair.key tosign.txt |clip

I can then paste from the clipboard. Do this x3 and validate.

Once you get the signed cert copy to the IBMi and install. Make sure you have the intermediate cert loaded.

Tim


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.