
How to issue and generate the certificate request

Sources:
https://www.rnp.br/servicos/servicos-avancados/icpedu/certificado-corporativo
https://wiki.rnp.br/pages/viewpage.action?pageId=86102856

Generate the certificate

Create the directory: mkdir ~/domain.com.ssl

Generate the RSA key: openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048

Generate the CSR: openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

Example

Create the directory: mkdir ~/jcr2.ifsp.edu.br.ssl

Generate the RSA key: openssl genrsa -out ~/jcr2.ifsp.edu.br.ssl/jcr2.ifsp.edu.br.key 2048

Generate the CSR: openssl req -new -sha256 -key ~/jcr2.ifsp.edu.br.ssl/jcr2.ifsp.edu.br.key -out ~/jcr2.ifsp.edu.br.ssl/jcr2.ifsp.edu.br.csr

The following questions will be asked (answers shown below)

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:SP
Locality Name (eg, city) []:Sao Paulo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:INSTITUTO FEDERAL DE EDUCACAO, CIENCIA E TECNOLOGIA DE SAO PAULO
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:jcr2.ifsp.edu.br
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
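
The same request can be produced without the interactive prompts by passing the answers with -subj, and then checked before it is sent. This is an added example, not part of the original page: make_csr and check_csr are hypothetical helper names, and the subject values are the answers shown above.

```bash
#!/bin/sh
# Added example (not from the original page). make_csr and check_csr are
# hypothetical helper names; the subject mirrors the prompt answers above.

# make_csr FQDN DIR: create DIR, a 2048-bit RSA key and a SHA-256 CSR.
make_csr() {
    subj="/C=BR/ST=SP/L=Sao Paulo/O=INSTITUTO FEDERAL DE EDUCACAO, CIENCIA E TECNOLOGIA DE SAO PAULO/CN=$1"
    # umask 077 in a subshell: the directory and private key end up owner-only
    # without changing the caller's umask.
    ( umask 077
      mkdir -p "$2" &&
      openssl genrsa -out "$2/$1.key" 2048 &&
      openssl req -new -sha256 -key "$2/$1.key" -subj "$subj" -out "$2/$1.csr"
    ) || return 1
}

# check_csr FQDN DIR: print "ok" only if the CSR is safe to send.
check_csr() {
    csr="$2/$1.csr"; key="$2/$1.key"
    # 1. The CSR's self-signature must verify. Match the message text
    #    rather than trusting the exit status.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "bad CSR signature"; return 1; }
    # 2. The public key inside the CSR must belong to the private key on disk,
    #    otherwise the issued certificate will not work with this key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "key mismatch"; return 1
    fi
    # 3. The Common Name must be exactly the requested FQDN.
    openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
        grep -qF "CN=$1," || { echo "unexpected CN"; return 1; }
    echo "ok"
}

# Usage: sh this_script.sh jcr2.ifsp.edu.br ~/jcr2.ifsp.edu.br.ssl
if [ "$#" -eq 2 ]; then
    make_csr "$1" "$2" && check_csr "$1" "$2"
fi
```

Only the .csr file is sent for signing; the .key file stays on the server.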

After generating the CSR and sending it to the Rectorate, you must download the new "intermediate.pem" certificate, to be used together with the certificate you will deploy: LINK_DE_DOWNLOAD

If you do not have it yet, you must also download "gs_root.pem": LINK_DE_DOWNLOAD

Certificates issued from 27/5/2019 onward must use the new "intermediate.pem" mentioned above.

Rename the file to "intermediate.pem" if you only use certificates generated from the date above onward.

For the record, I am adding the contents of the files here:

gs_root.pem


intermediate_a_partir_27.5.pem
