Scribd
Upload
57 views8 pages

How To Request An SSL Public Certificate Using ECC Algorithm

This document provides instructions for requesting an ECC public SSL certificate from Michelin. It explains how to generate an ECC CSR file on both Linux and Windows servers using openssl or the Microsoft Management Console. The CSR file needs to include specific details like the organization name, domain name, and use a 256-bit ECC key. Once generated, the CSR text should be copied and emailed along with any additional domain names to Michelin's support team to request the certificate.

Uploaded by

umar.mujawar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
57 views8 pages

How To Request An SSL Public Certificate Using ECC Algorithm

This document provides instructions for requesting an ECC public SSL certificate from Michelin. It explains how to generate an ECC CSR file on both Linux and Windows servers using openssl or the Microsoft Management Console. The CSR file needs to include specific details like the organization name, domain name, and use a 256-bit ECC key. Once generated, the CSR text should be copied and emailed along with any additional domain names to Michelin's support team to request the certificate.

Uploaded by

umar.mujawar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

19/01/2021

Classification D3 How to request an ECC public SSL certificate Author: F294342

How to request an SSL public certificate using ECC algorithm


1 -INTRODUCTION ................................................................................................................................................................ 1
2- TOOLS .................................................................................................................................................................. 1
3 -OPEN SSL: How to create your ECC CSR for apache Linux servers ................................................................................... 2
4 -WINDOWS SERVERS: How to build your ECC CSR for windows servers ........................................................................... 2

1 - INTRODUCTION
To request a certificate, you must provide a CSR (Certificate Signing Request) to the support team
[email protected]
The CSR must respect our requirement described in the following picture.

This document explains how to create the CSR file using ECC algorithm.

2 - TOOLS
Before sending your csr, you can check it with the tool available on the following link
https://ssltools.digicert.com/checker/views/landing.jsp

The status must be green,

Page : 1/8
How to request an ECC public SSL certificate

3 - OPEN SSL: How to create your ECC CSR for apache Linux servers
• Log into your Apache server.
• At the prompt, type the following command to generate an ECC private key using the OpenSSL ecparam tool to
generate your .key file:

openssl ecparam -out server.key -name prime256v1 -genkey


Where server is the name of your server.

Note: With ECC, we can use shorter key lengths than in RSA, for better security, Recommended ECC key size is 256-bit. If greater encryption
strength is required, your other private key option is secp384r1.
• Save (backup) the generated .key file, making sure to note its location. This private key is required later for ECC SSL
Certificate installation.
• Next, type the following command to generate a ECC certificate signing request (CSR):

openssl req -new -key server.key -out server.csr -sha256


Where server is the name of your server.

• As you are prompted, enter the following information:


For fields that are not required, you can enter '.' and those fields will be left blank.
Country Name: FR
State or Province Name: Puy de Dome
Locality Name: Clermont Ferrand
Organization Name: Manufacture Francaise des Pneumatiques Michelin
Organizational Unit Name: ZONE 3
Common Name: The URL you want to protect
• This creates your openssl.csr file.
• Now, open the .csr file with a text editor and copy the text of your CSR, including the -----BEGIN NEW CERTIFICATE
REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags,

• Then send a mail to [email protected] with the CSR attached in the mail.

For those who can access service now:


Open an service request assigned to the group WW-XX-NET-DNS-SSL
And paste the CSR in the Service request

• Support team will check the request, build the certificate then send you a through the DIGICERT console with a link
to download your certificate

4 - WINDOWS SERVERS: How to build your ECC CSR for windows servers
These instructions were created on Windows Server 2012. Depending on which Microsoft platform or operating system you are using, you may need to modify

these instructions accordingly.

How to Create Your ECC CSR Using the Microsoft Management Console (MMC)
1 Open Microsoft Management Console as an admin.
• On the Windows Start screen, type mmc.
• Right-click on mmc.exe and then click Run as administrator.
• In the User Account Control window, click Yes to allow the program to make changes to the computer.
2 In the MMC Console, click File > Add/Remove Snap-in.

Page : 2/8
How to request an ECC public SSL certificate

3 In the Add or Remove Snap-ins window, under Available snap-ins, select Certificates and then, click Add.

4 In the Certificate snap-in window, select Computer account so that you can manage the certificates that are installed
on this computer.

5 In the Select Computer window, select Local computer: (the computer this console is running on) and then,
click Finish.

6 In the Add or Remove Snap-ins window, click OK.

Page : 3/8
How to request an ECC public SSL certificate

7 In the MMC Console, in the console tree, expand Certificates > Personal, right-click on the Certificates folder, and
then, click All Tasks > Advanced Operations > Create Custom Request.

8 In the Certificate Enrollment wizard, on the Before You Begin page, click Next.

9 On the Select Certificate Enrollment Policy page, select Process without enrollment policy and then, click Next.

10 On the Custom request page, choose options following options;


Template: In the drop-down list, select (No template) CNG key.
Request format: Select PKCS #10.
and then click Next.

Page : 4/8
How to request an ECC public SSL certificate

11 On the Certificate Information page, expand Details (click the drop-down arrow) and then click Properties.

12 In the Certificate Properties window, on the General tab, you can choose a friendly name and add a brief description
about the certificate.
Note: The friendly name is not part of the certificate; instead, it is used to identify the certificate.

13 On the Subject tab, under Subject name, select a Type, enter the appropriate Value for the type, and then click Add.

Here are the values to be filled in


Country Name: FR
State or Province Name: Puy de Dome
Locality Name: Clermont Ferrand
Organization Name: Manufacture Francaise des Pneumatiques Michelin
Organizational Unit Name: ZONE 3
Common Name: The URL you want to protect

14 If you are ordering a Multi-Domain (SAN) ECC SSL certificate, enter additional hostnames
(e.g., example2.com, example3.net, mail.example.net) that you want your certificate to secure.

Page : 5/8
How to request an ECC public SSL certificate

• Under Alternative name, in the Type drop-down list, select DNS.


• In the Value box, enter an additional hostname that you want the certificate to secure and then click Add.
• Repeat for each additional hostname that you want to add to the certificate.

15 On the Private Key tab, expand Cryptographic Service Provider and then under Select cryptographic service provider
(CSP), do the following:

• Uncheck RSA, Microsoft Software Key Storage Provider.


• Check ECDSA_P256, Microsoft Software Key Storage Provider.
Note: With ECC, we can use shorter key lengths than in RSA, for better security, Recommended ECC key size is 256-bit. If greater encryption strength is
required, your other private key option option is 384.

You can select any of the ECDSA options for your ECC SSL Certificate. However, do not use the ECDH options.

16 Next, expand Key options and check Make private key exportable.

Page : 6/8
How to request an ECC public SSL certificate

Finally, click Apply and then click OK.

17 In the Certificate Enrollment wizard, on the Certificate Information page, click Next.

18 On the Where do you want to save the offline request page, do the following:

• For the File format, select Base 64.


• In the File Name box, type a name for your CSR file (e.g., ecc_ssl_csr).
• Click Browse to select the location where you want to save the CSR (.req) file and then click Save.
Make sure to note the filename and the location where you saved your CSR file.
• Click Finish.

19 Use a text editor (such as Notepad) to open the file.

20 Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE
REQUEST----- tags.
Then send a mail to [email protected] with the CSR file attached in the mail.

For those who can access service now, in addition to the mail,
Open an service request assigned to the group WW-XX-NET-DNS-SSL

Page : 7/8
How to request an ECC public SSL certificate

And paste the CSR in the Service request

Support team will check the request, build the certificate then send you a through the DIGICERT console with a link
to download your certificate

Note: During your DigiCert SSL Certificate ordering process, when asked to Select Server Software, make sure
that you select OTHER. This option ensures that you receive all the required certificates.

Page : 8/8

You might also like