WoSign,making the internet more secure and trusted!
home>Support>CSR Generation Instruction - CNT Web Integrator

CSR Generation Instruction - CNT Web Integrator

To generate a CSR for CNT Web Integrator follow the instructions below:

Step 1: Prepare to Run the Certificate Management Utilities

CNT provides the following certificate management utilities:






Before you run the Certificate Management utilities, enter the following from /webint_phaos/cm in the software installation directory:

For Windows NT, enter:

set CLASSPATH=.:install_dir\webint_phaos\classes\crysec.zip;


For UNIX (Bourne shell), enter:

export CLASSPATH=.:install_dir/webint_phaos/classes/crysec.zip;


Note that install_dir is the software installation directory and java_install_dir is the JDK installation directory.

Step 2: Generate an RSA Key

Use the rsakey utility to generate an RSA key. By default, the key is output in password-protected PKCS5-encoded PKCS8 format to the file enc-server-key.der.

The rsakey utility prompts you for a password phrase. Make sure that you remember your password. You will need it when you start the Web Integrator Server. If you forget your password, you will need to generate a new certificate.

Note: The rsakey utility may take more than a minute to generate a key, even if you are using a JIT compiler.

The rsakey utility is described as follows:


java rsakey [params]


-f key file

Specifies the name of the file to which the key is output.

Default: enc-server-key.der


Indicates that you want to output the key file in PKCS1 format, which is not password-protected.

If you use this parameter, the key is output to the file server-key.der, which is a DER-encoded (Distinguished Encoding Rules encoded) binary file.

If you use this parameter and do not password-protect your key file, make sure that you store your key in a file that is accessible only to the Web Integrator Server administrator.

-e publicExp

The public exponent.

Default: 65537

-n bits

The key length in bits.

Default: 512


Indicates that you want to display the key.


Displays the parameters and their descriptions.


% java rsakey

generate p

generate q

Enter password phrase: Test Server

Note: Make sure that you remember the password and that you save the output key file enc-server-key.der.

NOTE: Please backup your private key and write the password down in a safe place. Your certificate will not work without this private key.

Step 3: Build a Certification Request


-k key file

The key file name.

Default: enc-server-key.der


Indicates that you want to output the Certificate Submission Request (CSR) in DER format.

If you do not use this parameter, the CSR is output in BASE64-encoded Privacy Enhanced Mail (PEM) format to the file server-csr.pem.

-o csr file

Specifies the name of the file to which the CSR is output.

Default: server-csr.pem


Displays the parameters and their descriptions.


% java csr

Enter password to enc-server-key.der: Test Server

Enter Country name [US]:

Enter State name: Massachusetts

Enter Locality name: Westborough

Enter Organization name: CNT

Enter Organization Unit name [Brixton Web Integrator]:

Enter Common name (e.g., host.cnt.com): bass.cnt.com

Enter E-mail Address: tech_support@cnt.com


Your Certification Request is in server-csr.pem

The output file from this example is as follows:

% cat server-csr.pem










Start the certificate request process

To submit the CSR to WoSign for processing you should start the certificate enrollment process.