Demonstration of securing the CAS web management console with a certificate you import.
The steps below use openssl and Microsoft PKI to accomplish this task:
1. Generate the RSA private key for the certificate and the certificate signing request (CSR):
openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key
2. Take the CSR and sign it with Microsoft PKI using a basic Web Server signing request. Download the chain in base64 format.
3. Take the newly generated p7b file and generate a crt file:
openssl pkcs7 -print_certs -in certnew.p7b -out certnew.crt
Note: This file still doesn't contain the key, so we need to include it.
4. Use the crt file together with the generated key to convert to PKCS12:
openssl pkcs12 -export -out cert.p12 -inkey server.key -in certnew.crt
5. Import the PKCS12 file into CAS with the export password set in step 4.
Note: These steps are not the only way to sign and import a certificate.
They only demonstrate the use of openssl and the Microsoft PKI system to accomplish the task
and give a general idea of the steps necessary to import a certificate for the web management
console. Different tools will have different steps.
The private key, the signed certificate and the CA's full chain all need to be part of the PKCS12 file.
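A pre-import check for the file produced in step 4, as an added example that is not part of the original page: check_p12 confirms that the PKCS12 holds the private key, a certificate matching it, and CA certificates that verify it up to a root. The function names, the P12_PASS environment variable and the throwaway CA in make_demo_p12 (standing in for Microsoft PKI) are assumptions.

```shell
# check_p12 FILE: return 0 only if FILE holds the private key, the certificate
# matching it, and CA certificates that verify that certificate up to a root.
# The export password is read from $P12_PASS (assumed name) so it never
# shows up in a process listing.
check_p12() {
  p12=$1; rc=0
  t=$(mktemp -d) || return 2   # private (0700) scratch dir for the extracted key
  # Split the bundle: leaf certificate, CA certificates, private key
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys -out "$t/leaf.pem" 2>/dev/null &&
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys -out "$t/ca.pem" 2>/dev/null &&
  openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes -out "$t/key.pem" 2>/dev/null ||
    { echo "FAIL: cannot read $p12 (wrong password or not PKCS12)"; rc=1; }
  if [ "$rc" -eq 0 ]; then
    grep -q 'PRIVATE KEY' "$t/key.pem" || { echo "FAIL: no private key"; rc=1; }
    grep -q 'BEGIN CERTIFICATE' "$t/leaf.pem" || { echo "FAIL: no certificate"; rc=1; }
    grep -q 'BEGIN CERTIFICATE' "$t/ca.pem" || { echo "FAIL: no CA chain"; rc=1; }
  fi
  if [ "$rc" -eq 0 ]; then
    # The public key in the certificate must equal the one derived from the key
    [ "$(openssl x509 -in "$t/leaf.pem" -noout -pubkey)" = "$(openssl pkey -in "$t/key.pem" -pubout)" ] ||
      { echo "FAIL: key does not match certificate"; rc=1; }
    # The leaf must verify against the bundled CA certs, not the system CA directory
    openssl verify -no-CApath -CAfile "$t/ca.pem" "$t/leaf.pem" >/dev/null 2>&1 ||
      { echo "FAIL: chain does not verify to a root"; rc=1; }
  fi
  rm -rf "$t"
  return "$rc"
}

# make_demo_p12 DIR: constructed sample input. Repeats steps 1, 3 and 4 in DIR
# with a throwaway CA in place of Microsoft PKI, and also writes leafonly.p12
# (key + certificate, no chain) as a deliberately incomplete bundle.
make_demo_p12() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Demo Root CA" -days 2 &&
    openssl req -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key -subj "/CN=cas.example.test" &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 1 &&
    openssl crl2pkcs7 -nocrl -certfile server.crt -certfile ca.crt -out certnew.p7b &&
    openssl pkcs7 -print_certs -in certnew.p7b -out certnew.crt &&
    openssl pkcs12 -export -out cert.p12 -inkey server.key -in certnew.crt -passout env:P12_PASS &&
    openssl pkcs12 -export -out leafonly.p12 -inkey server.key -in server.crt -passout env:P12_PASS
  ) >/dev/null 2>&1
}
```

Against a real bundle, export P12_PASS in the shell and run check_p12 cert.p12; a non-zero return names the missing or mismatched part.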