Creating your Certificate Signing Request (CSR) File


To obtain an X.509 certificate from EnOS CA, you need to create a CSR file in your device or application.


The following procedure uses OpenSSL as an example to create a CSR:

  1. Generate a key pair.

    openssl genrsa -out <key_name>.key 2048

    Note

    You MUST use RSA algorithm with 2048 bits to generate the key pair. <key_name> is the name of the key, for example, deviceCert.key.


  2. Create a CSR for your device or application.

    openssl req -new -key <key_name>.key -out <csr_name>.csr -sha256

    Note

    The <key_name>.key file is the key that you generated in step 1 and <csr_name> is the csr file name, for example, deviceCert.csr.


  3. Provide information for the following.

    CSR file information
    Subject Field Mandatory? Description Max Length Corresponding Initials
    Country Name Yes The country code. For the specific country code, see Country code 2 characters C
    State or Province Name Yes The state or province name, for example, Guizhou 64 characters ST
    Locality Name Yes The locality name, for example, Kaili 64 characters L
    Organization Name Yes The organization name 64 characters O
    Organizational Unit Name Yes The department name 64 characters OU
    Common Name Yes The certificate common name. When applying for a new certificate, ensure that the common name is unique; it cannot duplicate the common name of any existing device or application. 64 characters CN
    Email Address No Email Address 64 characters EA


Note

  • There might be times when information for fields other than the ones listed in the table needs to be provided. When this occurs, you can press enter directly to skip it.
  • When updating the certificate for an existing device/application, use the Common Name in the old CSR.