I can`t remember anything, so I’m recording

Setting Up HTTPS Access to Prime Infrastructure 3.1

HTTPS access to Prime 3.1

Official guide tells us how to generate CSR:

# ncs key genkey -newdn -csr CSRFile .csr repository defaultRepo 

When you generate Certificate Signing Request(CSR) you should know that Prime Infrastructure does not include subjectAltName and Google Chrome will tell you about this:

subject ALT name missed



Every man is master of his happines- therefore we take openssl and make CSR yourself.

Action plan for green filed(for certificate with subject AlltName) in address string:
1.Generate CSR:

You need to have config file for request+key(can be empty)

1.1 touch inf.cnf:

FQDN = full.qualified.server.name

ORGNAME = Company Name


[ req ]
default_bits = 2048
default_md = sha256
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = req_ext

[ dn ]
C = CH

[ req_ext ]

1.2 touch inf.key (chmod 600 inf.key) – can be empty.

#openssl req -new -config /home/user/inf.cnf -keyout inf.key -out inf.csr

2. Request with CSR file inf.csr at CA your valid web-certificate for Prime Infrastructure.

3. Copy certificate file to Prime Infrastructure and import signed certificate:

#copy ftp://your.ftp.server/ inf.p7b disk:defaultRepo

#ncs key importsignedcert inf.p7b repository defaultRepo

4. To activate the CA-signed certificate, restart Prime Infrastructure:

#application stop NCS

#application start NCS

Leave a Reply

Your e-mail address will not be published. Required fields are marked *