Frequently Asked Question

Requesting a certificate from a GEN CA
Last Updated 9 days ago

Request a new certificate

To do this we need to have two things, the root certificate, and the signing key. These will be provided to you. 

This assumes Linux with step-cli installed

Get the root certificate

step ca root root_ca.crt --ca-url https://ca.dc.gen.network --fingerprint 2550053b9f59238d51822f4a4511f64e28139443040d0e922e886661b74ca


Request a certificate

step ca certificate --ca-url https://ca.dc.gen.network--root root_ca.crt --san someserver.dc.gen.network --san 10.1.1.100 someserver someserver.crt someserver.key --not-after=26280h

Here we are requesting a certificate for someserver.dc.gen.network and we're saving the file as someserver.crt and someserver.key and asking for a 3 year certificate. 

The certificate files will be placed in the current directory. 

Installing the root

In order for these certificates to be trusted we need to install the root certificate in servers and workstations as needed. 

MacOS

Download the root certificate as root_ca.crt

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain root_ca.crt

Windows

certutil -addstore -f "Root" root_ca.crt

Linux (Debian)

sudo mkdir -p /usr/local/share/ca-certificates/gen-ca
sudo cp root_ca.crt /usr/local/share/ca-certificates/gen-ca/root_ca.crt
sudo update-ca-certificates

Linux (RHEL)

sudo cp root_ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
This website relies on temporary cookies to function, but no personal data is ever stored in the cookies.
OK
Powered by GEN UK CLEAN GREEN ENERGY

Loading ...