Create a certificate issuance application to the certificate authority. The key generation algorithm is "RSA".

Execute this command on the Management Server/Master Management Server.

DTKSVMakeCSR.exe -file filePath -validity validityPeriod -CN FQDNOrIpAddress -OU organizationUnit -O organizationName [-L cityName, area] [-ST state, locality] -C countryName [-keysize sizeOfKeyToBeGenerated] [-sigalg signatureAlgorithm] -certfile certificateFileName

DTKSVMakeCSR.exe -file2 certIssuanceApplicationFilePath -certfile2 serverCertFileName

-file

Specify the output file path of the application. (Mandatory)

-validity

Specify the validity period in the range of 1 to 36500 days. (Mandatory)

-CN

Specify Server name or IP address of the (integrated) Management Server to connect to in the client (CT) in FQDN or IP address format. (Mandatory)

-OU

Specify the organization unit. (Mandatory)

-O

Specify the organization name. (Mandatory)

-L

Specify the name of the city and area. (Optional)

If you omit this option, the name of the city and area will not be set.

-ST

Specify the name of the state and locality. (Optional)

If you omit this option, the name of the state and locality will not be set.

-C

Specify the name of the country. (Mandatory)

Enter "JP" for Japan.

-keysize

Specify the size of the key to be generated. (Optional)

The maximum value is "8192". The minimum value depends on the signature algorithm.

If you omit this option, the value "2048" will be set.

-sigalg

Specify the signature algorithm. (Optional)

If you omit this option, the value "SHA256withRSA" will be set.

Refer to the signature algorithm of the Java keytool command for details on the signature algorithm.

-certfile

Specify the file name when generating the server certificate by using the generated certificate issuance application. (Mandatory)

The same file name as the one specified in the -file option cannot be specified.

-file2

Specify the output file path for the Relay Server certificate issuance application, when connecting to Windows clients (CT) via the Internet. (Mandatory)

-certfile2

Specify the file name for generating a server certificate using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet. (Mandatory)

The same file name as the one specified in -file2 option cannot be specified.

Confirm with the certificate authority about each input item.

0:

Ended normally

Other:

Ended abnormally

mgmtServerInstallFolder\bin

• Execute this command as a user that belongs to the Administrators group of the local computer or a user that belongs to the Domain Admins group of the domain.

Example: Output the application to c:\temp\dtk.csr and to output the server certificate to c:\temp\dtk.cer

Name of the company: DTK Corporation

Address: Chuo-ku, Tokyo

Domain name: dtk.co.jp

Validity period: 3650 (days)

Server name/IP address: SV1.dtk.co.jp (*1)

Organization unit: Sales department

Name of the organization: DTK K.K.

Name of the city: Chuo-Ku

Area: Tokyo

Name of the country: JP

Size of the key to be generated: 2048

Signature name algorithm: SHA256withRSA

DTKSVMakeCSR.exe -file c:\temp\dtk.csr -validity 3650 -CN SV1.dtk.co.jp -OU "Sales department" -O "DTK K.K." -L Chuo-Ku -ST Tokyo -C JP -keysize 2048 -sigalg SHA256withRSA -certfile c:\temp\dtk.cer

*1: When the computer name in the application is SV1

Example: When generating a server certificate for c:\temp\dtk.cer using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet.

DTKSVMakeCSR.exe -file2 c:\temp\dtk.csr -certfile2 c:\temp\dtk.cer

success