1. Open a command window.
2. Change directories to C:\ca.
3. Set the HOME environment variable with this command:
SET HOME=C:\MinGW\msys\1.0
4. Create a configuration file for the request like the one below. Name it request_member.cfg.
5. Modify the configuration file with the desired values of the distinguished name.
6. Run this OpenSSL command, referencing the configuration file. The command will prompt you for the fields. You can accept the default values by just pressing the Enter key.
openssl req -nodes -newkey rsa:2048 -keyout testkey.key -config request_member.cfg -out testreq.csr
Note: The -nodes (no DES) option must be used. Otherwise, the openssl command prompts for a password and encrypts the private key. Encrypting the private key will cause mongod to fail.
7. View the request with this command:
openssl req -in testreq.csr -text -noout | more
The process produces two files:
• testkey.key, which is the private key for the user.
• testreq.csr, which is the certificate request needed for the next step.
###############################################################################
# Member Certificate Request Configuration File
[ req ]
default_bits = 2048 # RSA key size
encrypt_key = yes # Protect private key
default_md = sha256 # Message digest to use
utf8 = yes # Input is UTF-8
string_mask = utf8only # Emit UTF-8 strings
prompt = yes # Prompt for DN
distinguished_name = codesign_dn # DN template
req_extensions = codesign_reqext # Desired request extensions
[ codesign_dn ]
commonName = "Common Name (eg, server name)"
commonName_max = 64
organizationalUnitName = "Organizational Unit Name (eg, section)"
organizationalUnitName_default = MongoDBServer
organizationName = "Organization Name (eg, company)"
organizationName_default = Waysys LLC
stateOrProvinceName = "State Name (eg, region)"
stateOrProvinceName_default = North Carolina
countryName = "Country Name (2 letters) (eg, US)"
countryName_max = 2
countryName_default = US
1.domainComponent = "Second domain component (eg. waysysweb)"
1.domainComponent_default = waysysweb
0.domainComponent = "First domain component (eg. com)"
0.domainComponent_default = com
[ codesign_reqext ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = database.m310.mongodb.university
IP.1 = 127.0.0.1
DNS.2 = localhost
• If the HOME environment variable is not set, OpenSSL will issue an error:
unable to write 'random state'
• Piping the output of the OpenSSL command to more makes it easier to read than the raw output.
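
A preflight check for this procedure, added here as an example and not part of the original page: it lints the [ req ] section of a request configuration and reports whether a PEM private key is encrypted, the condition the note above says makes mongod fail. The function names and sample inputs are constructed for illustration, and the parser assumes no '#' appears inside a value.

```python
import re

WEAK_DIGESTS = {"md5", "sha1"}

# Constructed sample input (not the page's file): a [ req ] section to lint.
SAMPLE_CFG = """
[ req ]
default_bits = 1024    # RSA key size
default_md = sha1      # MD to use
encrypt_key = yes      # Protect private key
"""
# Constructed PEM header lines: an unencrypted key and the two encrypted forms.
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\n"
PKCS8_ENC = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
LEGACY_ENC = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"


def parse_openssl_cnf(text):
    """Parse config text into {section: {key: value}}; '#' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value.strip('"')
    return sections


def lint_request_config(text):
    """Return warnings for [ req ] settings that weaken or break the request."""
    req = parse_openssl_cnf(text).get("req", {})
    warnings = []
    bits = req.get("default_bits")  # -newkey rsa:N on the command line overrides this
    if bits is None or int(bits) < 2048:
        warnings.append("default_bits missing or below 2048")
    if req.get("default_md", "").lower() in WEAK_DIGESTS:
        warnings.append("default_md is a weak digest")
    if req.get("encrypt_key", "yes").lower() != "no":
        warnings.append("encrypt_key is on: -nodes is required")
    return warnings


def key_is_encrypted(pem_text):
    """True if a PEM private key is passphrase-protected (PKCS#8 or traditional)."""
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


if __name__ == "__main__":
    print(lint_request_config(SAMPLE_CFG))
    print([key_is_encrypted(k) for k in (PLAIN_KEY, PKCS8_ENC, LEGACY_ENC)])
```

To check real files, pass the text of request_member.cfg to lint_request_config and the text of testkey.key to key_is_encrypted.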