Multi‐ServiceBusinessGateways
VoIPMediaGateways
SIPProtocol
February
2011
Document#LTRT‐30900
TechnicalNote
GeneratingaCertificateSigningRequest
(CSR)usingOpenSSL
Technical Note Contents
Document #: LTRT-30900 3 February 2011
Table of Contents
1 Introduction ......................................................................................................... 7
2 Generating the Private Key ................................................................................ 9
Technical Note 4 Document #: LTRT-30900
Generating CSR using OpenSSL
List of Figures
Figure 1-1: Generated CSR by AudioCodes Device ................................................................................ 7
Figure 2-1: OpenSSL CSR Generation Script .......................................................................................... 9
Figure 2-2: Open SSL Generated CSR Ouput ....................................................................................... 10
Figure 2-3: Loading Private Key to the Gateway ................................................................................... 10
Technical Note Notices
Document #: LTRT-30900 5 February 2011
Notice
This document describes the procedure for Generating a Certificate Signing Request (CSR)
using OpenSSL.
Information contained in this document is believed to be accurate and reliable at the time of
printing. However, due to ongoing product improvements and revisions, AudioCodes cannot
guarantee the accuracy of printed material after the Date Published nor can it accept
responsibility for errors or omissions. Updates to this document and other documents as well
as software files can be viewed by registered customers at
http://www.audiocodes.com/downloads.
© Copyright 2011 AudioCodes Ltd. All rights reserved.
This document is subject to change without notice.
Date Published: February-22-2011
Trademarks
AudioCodes, AC, AudioCoded, Ardito, CTI2, CTI², CTI Squared, HD VoIP, HD VoIP
Sounds Better, InTouch, IPmedia, Mediant, MediaPack, NetCoder, Netrake, Nuera, Open
Solutions Network, OSN, Stretto, TrunkPack, VMAS, VoicePacketizer, VoIPerfect,
VoIPerfectHD, What's Inside Matters, Your Gateway To VoIP and 3GX are trademarks or
registered trademarks of AudioCodes Limited. All other products or trademarks are
property of their respective owners. Product specifications are subject to change without
notice.
WEEE EU Directive
Pursuant to the WEEE EU Directive, electronic and electrical waste must not be disposed
of with unsorted waste. Please contact your local recycling authority for disposal of this
product.
Customer Support
Customer technical support and service are provided by AudioCodes' Distributors,
Partners, and Resellers from whom the product was purchased. For Customer support for
products purchased directly from AudioCodes, contact support@audiocodes.com
.
Abbreviations and Terminology
Each abbreviation, unless widely used, is spelled out in full when first used.
Technical Note 6 Document #: LTRT-30900
Generating CSR using OpenSSL
Reader’s Notes
Technical Note 1. Introduction
Document #: LTRT-30900 7 February 2011
1 Introduction
The objective of this document is to describe how to generate a certificate signing request
(CSR) and Private Key, using OpenSSL.
The procedure for generating a CSR for creating a server certificate as described in the
relevant AudioCodes gateway (hereafter referred to as device) User's Manual is in most
cases, sufficient. Typically, companies use their internal certificate server (e.g., Microsoft
‘certsrv’) to sign and generate a CSR.
In scenarios where the user decides to use a third-party CA to sign and create the
certificate, the CSR generated by AudioCodes device alone may contain insufficient
information to warrant a “valid” certificate. AudioCodes device generates only a CSR
containing the “Common Name” attribute, as shown in the figure below.
Figure 1-1: Generated CSR by AudioCodes Device
Therefore, in such cases, you can use the freely available software, OpenSSL
(http://www.openssl.org/
) to generate a new private key and CSR. The generated private
key and CSR contains additional details that are suitable for third-party verification.
Technical Note 8 Document #: LTRT-30900
Generating CSR using OpenSSL
Reader’s Notes
Technical Note 2. Generating the Private Key
Document #: LTRT-30900 9 February 2011
2 Generating the Private Key
To generate the private key using OpenSSL, follow the procedure below.
¾ To generate a new private key and CSR, using OpenSSL:
1. Specify the following command to create a new private key and CSR at the same
time:
openssl req -out <csr filename> -new -newkey rsa:1024 -nodes -
keyout <private key filename>
where:
• <csr filename> contains the CSR data for certificate generation
• <private key filename> is the private key that later needs to be loaded to the
device (see Figure 2-3).
Whe
n the above command is run, a series of prompts are displayed requesting you to
input the appropriate values for the CSR. The values can be arbitrarily chosen, except
for the “Common Name”, which is the FQDN of AudioCodes device or the configured
AudioCodes gateway name. The RSA encryption used by AudioCodes device by
default is ‘1024’ bits; however, using the OpenSSL utility, you can specify ‘2048’ bits.
An example script generation is shown in the figure below.
Figure 2-1: OpenSSL CSR Generation Script
Technical Note 10 Document #: LTRT-30900
Generating CSR using OpenSSL
The generated CSR using the OpenSSL utility includes additional information such as
country, location, organization, etc., as shown in the figure below.
Figure 2-2: Open SSL Generated CSR Ouput
2. Load the generated private key to AudioCodes device:
a. Open the ‘Certificates Signing Request' page (Configuration tab > System
menu > Certificates).
b. Under the 'Send Private Key File…' group, click the Browse button and navigate
to select the file.
c. Click Send File to load the private key.
Figure 2-3: Loading Private Key to the Gateway
3. Save your changes and restart AudioCodes device.
For more information, refer to the relevant product User's Manual.
Technical Note 2. Generating the Private Key
Document #: LTRT-30900 11 February 2011
Reader's Notes
www.audiocodes.com
TechnicalNote
www.audiocodes.com
