Commit 398aa062 authored by Xueshan Feng

Mention the key file should be protected and how to validate CSR request with...

Mention the key file should be protected and how to validate CSR request with openssl command. Use 'foobar' as example instead of a real domain name.
parent 90cd8822
Generate a star ssl certificate request for a subdomain, e.g, *.anchorage.stanford.edu:
Generate a wildcard ssl certificate request for a subdomain, e.g, *.foobar.stanford.edu:
```
$ git clone git@code.stanford.edu:devops-tools/star-cert-request.git
$ cd star-cert-request
$ ./create-star-cert-req.sh -s anchorage -o "IT Services" -e "emerging-tech@lists.stanford.edu"
$ ./create-star-cert-req.sh -s foobar -o "Your Organization Name" -e "your-contact-email@lists.stanford.edu"
```
The default top domain is *stanford.edu*.
The default top domain is *stanford.edu*, which you can change at the top of the script.
**Note:** the subdomain key and the csr will be saved in your current working directory.
**Note:** the subdomain key and the csr will be saved in your current working directory. Make sure the files are protected.
The generated CSR has `CN=foobar.stanford.edu, X509v3 Subject Alternative Name: DNS:foobar.stanford.edu, DNS:*.foobar.stanford.edu`
To make sure everything looks good before you submit the request:
```
$ openssl req -noout -text -in foobar.stanford.edu.csr
```
Normally you can use [cert request form](https://tools.stanford.edu/cgi-bin/cert-request) to submit
your request, however, if the subdomain is delegated to a cloud vendor, you will need to send the csr to
**its-ssl-service@lists.stanford.edu** because the form cannot verify the ownership of a delegated domain from NetDB.
**its-ssl-service@lists.stanford.edu** because the form cannot verify the ownership of a domain from NetDB.
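Review bot: The added sentence "Make sure the files are protected." in the note line is too vague to act on and does not match the commit message, which singles out the key file. The CSR is meant to be handed to the certificate service, so only the private key needs protecting; suggest naming the key file and giving a concrete step, such as restricting it to owner-only read/write with `chmod 600`. In the new check step, `openssl req -noout -text -in foobar.stanford.edu.csr` only prints the request; adding `-verify` would also check the CSR's self-signature before submission. The last changed line drops "delegated" from "a delegated domain", which makes the reason for emailing the CSR less clear than the line it replaces.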