Michael Leone on 22 Dec 2014 07:36:41 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Issuing a cert from OpenSSL without a CSR from the client

I'm gonna ask a stupid question. We use IBM's Connections product here (it's a collaboration software, Windows based). It installs with it's own self-signed certificate. I have my own CA, running on an old Ubuntu VM. I want to issue a cert from it, for this server. That way, the cert will be trusted (I've already pushed our own CA cert out to all my clients).

Here's where it gets weird - Connections uses IBM WebSphere as it's web interface. And my Connections guy says he can't figure out how to get WebSphere to issue a cert request (CSR) that I can then sign, and use to issue him a cert. (don't ask me, I don't administer the thing)

Leaving aside the obvious "go check the IBM site for how to request a cert with WebSphere", theoretically I should be able to also issue a CSR in the name of that Connections server, shouldn't I? If I do "openssl -req", and answer the prompts with the FQDN of the Connections server, I should be able to use the resulting CSR; sign it; issue a cert; and my guy then use that in WebSphere?

Any request I generate myself on my CA, in the name of the Connections server, will be pretty much the same as an actual CSR generated on that Connections server, right? Just as valid a CSR, I mean.


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug