Functional Specification
Create a certificate issuance application to the certificate authority. The key generation algorithm is "RSA".
Execute this command on the Management Server/Master Management Server.
Command Format
DTKSVMakeCSR.exe -file filePath -validity validityPeriod -CN FQDNOrIpAddress -OU organizationUnit -O organizationName [-L cityName, area] [-ST state, locality] -C countryName [-keysize sizeOfKeyToBeGenerated] [-sigalg signatureAlgorithm] -certfile certificateFileName
Generating a Server Certificate from an Application for Certificate Issuance (when connecting Windows clients (CT) via the Internet)
DTKSVMakeCSR.exe -file2 certIssuanceApplicationFilePath -certfile2 serverCertFileName
Option
Specify the output file path of the application. (Mandatory)
Specify the validity period in the range of 1 to 36500 days. (Mandatory)
Specify Server name or IP address of the (integrated) Management Server to connect to in the client (CT) in FQDN or IP address format. (Mandatory)
Specify the organization unit. (Mandatory)
Specify the organization name. (Mandatory)
Specify the name of the city and area. (Optional)
If you omit this option, the name of the city and area will not be set.
Specify the name of the state and locality. (Optional)
If you omit this option, the name of the state and locality will not be set.
Specify the name of the country. (Mandatory)
Enter "JP" for Japan.
Specify the size of the key to be generated. (Optional)
The maximum value is "8192". The minimum value depends on the signature algorithm.
If you omit this option, the value "2048" will be set.
Specify the signature algorithm. (Optional)
If you omit this option, the value "SHA256withRSA" will be set.
Refer to the signature algorithm of the Java keytool command for details on the signature algorithm.
Specify the file name when generating the server certificate by using the generated certificate issuance application. (Mandatory)
The same file name as the one specified in the -file option cannot be specified.
Specify the output file path for the Relay Server certificate issuance application, when connecting to Windows clients (CT) via the Internet. (Mandatory)
Specify the file name for generating a server certificate using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet. (Mandatory)
The same file name as the one specified in -file2 option cannot be specified.
Confirm with the certificate authority about each input item.
Note
Option values containing spaces must be enclosed in halfwidth quotation marks (").
If you run this command for multiple times, only the last application is considered as valid. The previous applications are considered as invalid.
If the FQDN specified in the -CN option does not match the "server name or IP address of the (Master) Management Server to connect to", an error will occur during certificate verification.
Return Value
Ended normally
Ended abnormally
Location for Saving Commands
mgmtServerInstallFolder\bin
Authority Required for Execution/Execution Environment
Execute this command as a user that belongs to the Administrators group of the local computer or a user that belongs to the Domain Admins group of the domain.
Examples of Use
Example: Output the application to c:\temp\dtk.csr and to output the server certificate to c:\temp\dtk.cer
Name of the company: DTK Corporation
Address: Chuo-ku, Tokyo
Domain name: dtk.co.jp
Validity period: 3650 (days)
Server name/IP address: SV1.dtk.co.jp (*1)
Organization unit: Sales department
Name of the organization: DTK K.K.
Name of the city: Chuo-Ku
Area: Tokyo
Name of the country: JP
Size of the key to be generated: 2048
Signature name algorithm: SHA256withRSA
DTKSVMakeCSR.exe -file c:\temp\dtk.csr -validity 3650 -CN SV1.dtk.co.jp -OU "Sales department" -O "DTK K.K." -L Chuo-Ku -ST Tokyo -C JP -keysize 2048 -sigalg SHA256withRSA -certfile c:\temp\dtk.cer
*1: When the computer name in the application is SV1
Example: When generating a server certificate for c:\temp\dtk.cer using a certificate issuance application that was generated by the Relay Server, when connecting to Windows clients (CT) via the Internet.
DTKSVMakeCSR.exe -file2 c:\temp\dtk.csr -certfile2 c:\temp\dtk.cer
Execution Results/Output Format
success