Request a certificate for KC Plug-In using OpenSSL

In this example, we are using OpenSSL to generate a certificate for KC Plug-In.

  1. Use OpenSSL to request a certificate (assuming Windows binary distribution of OpenSSL):
    1. Generate an RSA private key.
      C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048

      This command generates a private key file with the file name my_key.key and the key length of 2048 bits.

    2. Generate a Certificate Signing Request (CSR).
      C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf

      This command uses the my_key.key to create the CSR my_request.csr.

    3. Generate a self-signed public certificate based on the request.
      C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt

      This command uses the private key and certificate signing request to create a self-signed public certificate (my_cert.crt).

    4. Generate a PKCS#12 file.
      C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name "my-name"
  2. Start Certificates MMC Snap-In for computer account:
    1. Start MMC, for example, by running mmc.exe from the Start menu.
    2. On the File menu, select Add/Remove Snap-In.
    3. Click Add and select Certificates. Click Add again.
    4. Select Computer account. Click Next.
    5. Select Local computer. Click Finish.
    6. Click Close, and click OK.
  3. Install the certificate to the Personal\Certificates folder for computer account.
  4. Display the details of the certificate and copy the value of its thumbprint into KC Plug-In configuration. See Configure KC Plug-In web service interface.
  5. Restart KC Plug-In.