tencent cloud

Certificate Application CSR Generation Guide
Download PDF
Last updated:2025-04-10 00:41:07
Certificate Application CSR Generation Guide
Last updated: 2025-04-10 00:41:07
Download PDF

Overview

This document introduces the steps for generating a certificate signing request (CSR) for the corresponding Fabric blockchain network ECC Certificate. According to your actual situation, generate the CSR in the following ways:

Directions

ECC Certificate Application CSR

1. Go to OpenSSL official website, download OpenSSL and configure the installation.
2. download ecccsr tool and unzip.
3. Execute the following commands to generate the corresponding file.
sh ecccsr.sh
The command will generate the following four files:
user_ecc_sign.key: It corresponds to the private key of the user certificate. It needs to be securely stored and can be used in SDK.
user_ecc_sign.csr: Used to apply for a user certificate on the TBaaS Console.
user_ecc_tls.key: It corresponds to the private key of the user's TLS certificate. It needs to be securely stored and can be used in SDK.
user_ecc_tls.csr: Used to apply for a user TLS certificate on the TBaaS Console.

Tool Description

The following are the main commands used in the tool:
1. Generate the private key and CSR file corresponding to the user certificate
Generate key pair: The generated temp file is the private key corresponding to the user certificate.
openssl ecparam -name prime256v1 -genkey -out temp
Generate user certificate CSR file: The openssl_user.cnf file used in the command is included in the download tool.
openssl req -batch -config openssl_user.cnf -key temp -new -sha256 -out user_ecc_sign.csr
Convert private key format: Convert the generated temp private key to a pkcs#8 format user_ecc_sign.key file for subsequent configuration and identification in fabric-sdk.
openssl pkcs8 -topk8 -in temp -nocrypt -out user_ecc_sign.key
2. Generate the private key and CSR file corresponding to the user tls certificate.
Generate key pair: The generated temp file is the private key corresponding to the user tls certificate.
openssl ecparam -name prime256v1 -genkey -out temp
Generate user tls certificate CSR file: The openssl_user.cnf file used in the command is included in the download tool.
openssl req -batch -config openssl_user.cnf -key temp -new -sha256 -out user_ecc_tls.csr
Convert private key format: Convert the generated temp private key to a ser_ecc_tls.key file in pkcs#8 format, subsequently used for configuration and identification in fabric-sdk.
openssl pkcs8 -topk8 -in temp -nocrypt -out user_ecc_tls.key

Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback