Can you please confirm that the CSR generated above, is correctly using the public key / private key that we have generated. I did not find any documentation explaining this process in detail.
Thank you in advance,
Best regards,
Emmanuel
Last edit: Emmanuel MATHIEU 2020-06-17
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It might be easier to check in the Admin Web interface where you can click on the worker and see the current configuration (i.e. DEFAULTKEY and NEXTCERTSIGNKEY) and even open Status properties and inspect the key/dummy certificate.
If you want to use the Admin CLI then you can check the current configuration for your worker with: bin/signserver getstatus complete 1
Then generating a certificate and specifying that worker ID will use the key specified as DEFAULTKEY unless there is a NEXTCERTSIGNKEY, in which case that one would be used.
If you are unsure, you can also explicitly specify which key to use with the "-alias" option.
Cheers,
Markus
PrimeKey Solutions
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
We are new to Primekey SignServer and we are currenlty using it to sign PDF with a HSM.
We are in the process of creating a CSR, in order to send it to a certificate issuer.
First we have created a pair key using this command
bin/signserver generatekey 1 -alias signkey -keyalg RSA -keyspec 2048
And this key is set as WORKERGENID1.DEFAULTKEY in our config file and we can see it in our HSM.
Then we generate the CSR using this command :
bin/signserver generatecertreq 1 "CN=NAME, O=COMPANY, OU=Technical Operations" SHA256WithRSA /tmp/certreq.pem
Can you please confirm that the CSR generated above, is correctly using the public key / private key that we have generated. I did not find any documentation explaining this process in detail.
Thank you in advance,
Best regards,
Emmanuel
Last edit: Emmanuel MATHIEU 2020-06-17
Hello Emmanuel,
It might be easier to check in the Admin Web interface where you can click on the worker and see the current configuration (i.e. DEFAULTKEY and NEXTCERTSIGNKEY) and even open Status properties and inspect the key/dummy certificate.
If you want to use the Admin CLI then you can check the current configuration for your worker with:
bin/signserver getstatus complete 1
Then generating a certificate and specifying that worker ID will use the key specified as DEFAULTKEY unless there is a NEXTCERTSIGNKEY, in which case that one would be used.
If you are unsure, you can also explicitly specify which key to use with the "-alias" option.
Cheers,
Markus
PrimeKey Solutions