Top
Systemwalker Desktop Keeper Reference Manual
FUJITSU Software

1.40 DTKSVMakeCSR.EXE (Create Application for the Management Server/Master Management Server Certificate Issuance)

Functional Specification

Create a certificate issuance application to the certificate authority. The key generation algorithm is "RSA".

Execute this command on the Management Server/Master Management Server.

Command Format

DTKSVMakeCSR.exe -file filePath -validity validityPeriod -CN FQDNOrIpAddress -OU organizationUnit -O organizationName [-L cityName, area] [-ST state, locality] -C countryName [-keysize sizeOfKeyToBeGenerated] [-sigalg signatureAlgorithm] -certfile certificateFileName

Generating a Server Certificate from an Application for Certificate Issuance (when connecting Windows clients (CT) via the Internet)

DTKSVMakeCSR.exe -file2 certIssuanceApplicationFilePath -certfile2 serverCertFileName

Option

-file

Specify the output file path of the application. (Mandatory)

-validity

Specify the validity period in the range of 1 to 36500 days. (Mandatory)

-CN

Specify Server name or IP address of the (integrated) Management Server to connect to in the client (CT) in FQDN or IP address format. (Mandatory)

-OU

Specify the organization unit. (Mandatory)

-O

Specify the organization name. (Mandatory)

-L

Specify the name of the city and area. (Optional)

If you omit this option, the name of the city and area will not be set.

-ST

Specify the name of the state and locality. (Optional)

If you omit this option, the name of the state and locality will not be set.

-C

Specify the name of the country. (Mandatory)

Enter "JP" for Japan.

-keysize

Specify the size of the key to be generated. (Optional)

The maximum value is "8192". The minimum value depends on the signature algorithm.

If you omit this option, the value "2048" will be set.

-sigalg

Specify the signature algorithm. (Optional)

If you omit this option, the value "SHA256withRSA" will be set.

Refer to the signature algorithm of the Java keytool command for details on the signature algorithm.

-certfile

Specify the file name when generating the server certificate by using the generated certificate issuance application. (Mandatory)

The same file name as the one specified in the -file option cannot be specified.

-file2

Specify the output file path for the Relay Server certificate issuance application, when connecting to Windows clients (CT) via the Internet. (Mandatory)

-certfile2

Specify the file name for generating a server certificate using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet. (Mandatory)

The same file name as the one specified in -file2 option cannot be specified.

Confirm with the certificate authority about each input item.

Note

  • Option values containing spaces must be enclosed in halfwidth quotation marks (").

  • If you run this command for multiple times, only the last application is considered as valid. The previous applications are considered as invalid.

  • If the FQDN specified in the -CN option does not match the "server name or IP address of the (Master) Management Server to connect to", an error will occur during certificate verification.

Return Value

0:

Ended normally

Other:

Ended abnormally

Location for Saving Commands

mgmtServerInstallFolder\bin

Authority Required for Execution/Execution Environment

Examples of Use

Example: Output the application to c:\temp\dtk.csr and to output the server certificate to c:\temp\dtk.cer

Name of the company: DTK Corporation

Address: Chuo-ku, Tokyo

Domain name: dtk.co.jp

Validity period: 3650 (days)

Server name/IP address: SV1.dtk.co.jp (*1)

Organization unit: Sales department

Name of the organization: DTK K.K.

Name of the city: Chuo-Ku

Area: Tokyo

Name of the country: JP

Size of the key to be generated: 2048

Signature name algorithm: SHA256withRSA

DTKSVMakeCSR.exe -file c:\temp\dtk.csr -validity 3650 -CN SV1.dtk.co.jp -OU "Sales department" -O "DTK K.K." -L Chuo-Ku -ST Tokyo -C JP -keysize 2048 -sigalg SHA256withRSA -certfile c:\temp\dtk.cer

*1: When the computer name in the application is SV1


Example: When generating a server certificate for c:\temp\dtk.cer using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet.

DTKSVMakeCSR.exe -file2 c:\temp\dtk.csr -certfile2 c:\temp\dtk.cer

Execution Results/Output Format

success