LiquidFiles Documentation
LiquidFiles Documentation

Custom CSR

The builtin CSR generator in LiquidFiles will enable you to generate CSR with 2048 bit keys for either the current hostname or the current domain (wildcard certificate). If you wish to generate a certificate for another domain or with other parameters, you will need to generate a custom CSR to send to your CA.

If you want to generate a custom CSR with a different domain, please run the following command:

openssl req -out certificate.csr -new -newkey rsa:2048 -nodes -keyout certificate.key

The command will run through a series of certificate parameters such as country, location and so on. The only really important one is the Common Name (CN) which needs to match the hostname of the URL you wish to use. If the URL you whish to use is https://liquidfiles.company.com, the CN needs to be liquidfiles.company.com or *.liquidfiles.com if you want to generate a wildcard certificate.

When the command has completed, you will have two files — certificate.key and certificate.csr. You need to keep certificate.key safe and send certificate.csr to your CA. When you receive the signed certificate back from the CA, upload the certificate.key together with the signed certificate from the CA and the CA's Certificate chain as described in the Certificate Installation guide.

If you want to create a custom CSR with a 4096 bit key, you can run the following command:

openssl req -out certificate.csr -new -newkey rsa:4096 -nodes -keyout certificate.key

Please note that you don't have to run these OpenSSL commands on the LiquidFiles system. If you're more comfortable with Windows, run it on Windows. OpenSSL Windows binaries are available here: http://www.openssl.org/related/binaries.html.