Requesting the Client Certificate

  1. Generate a certificate signing request (CSR) with OpenSSL:

    openssl req -out igel_tc.csr -new -newkey rsa:2048 -nodes -keyout igel_tc.key

    This produces the following files:

    Example for the creation of a certificate request:

Generating a 2048 bit RSA private key

.................................+++

.................................+++

writing new private key to 'igel_tc.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:DE

State or Province Name (full name) [Some-State]:Augsburg

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:IGEL Technology GmbH

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:igeltc

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

It is also possible to create a so called wildcard certificate. A wildcard certifcate contains a possible common name including a * character. It can be used for all thin clients.

Wildcard SSL certs could cause a security issue.

  1. Go back to the welcome page of the Windows server.
  2. Select the task Request a certificate.

    The Request a Certificate mask opens:

    Request a Certificate

  3. Click advanced certificate request.

    The Submit a Certificate Request or Renewal Request mask opens:

    Submit a Certification Request

  4. Copy the plain text content of the .csr-file into the Saved Request input field.
  5. Choose Web Server under Certificate Template.
  6. Click Submit.

    The Certificate Issued screen opens:

    Certificate Issue

  7. Choose Base 64 encoded.
  8. Click Download certificate.

    You receive a file with the public certificate for your thin clients.