How to Generate the CSR Token
Written by Soham Amburle
Updated on April 19th, 2023
- Getting Started
- Bot Building
- Smart Agent Chat
- Conversation Design
-
Developer Guides
Code Step Integration Static Step Integration Shopify Integration SETU Integration Exotel Integration CIBIL integration Freshdesk KMS Integration PayU Integration Zendesk Guide Integration Twilio Integration Razorpay Integration LeadSquared Integration USU(Unymira) Integration Helo(VivaConnect) Integration Salesforce KMS Integration Stripe Integration PayPal Integration CleverTap Integration Fynd Integration HubSpot Integration Magento Integration WooCommerce Integration Microsoft Dynamics 365 Integration
- Deployment
- External Agent Tool Setup
- Analytics & Reporting
- Notifications
- Commerce Plus
- Troubleshooting Guides
- Release Notes
You would need a CRS token, for acquiring ATLAS Web Service Partner Integration Service, in order to use the "cibil_loan_recommendation" Smart Skill on your bot.
Following are the steps involved in generating the CSR token -
Assumptions:
- Operating system: Red Had Enterprise Linux 6.x/7.x - Extended key usage is not configured in OpenSSL.
- root/sudo access is available to change the configuration files.
Step 1: Backup /etc/pki/tls/openssl.cnf
[root@hostname #] cd /etc/pki/tls/ [root@hostname tls] cp -rfv openssl.cnf openssl.cnf-backup
Step 2.1: Find the [req] section of openssl.cnf file, and modify it in order to match the following.
[ req ] default_bits = 1024 default_md = sha256 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert req_extensions = v3_req req_extensions = req_ext x509_extensions = usr_cert
Step 2.2: Find the [usr_cert] section of openssl.cnf file, and modify it in order to match the following.
[ usr_cert ] basicConstraints=CA:FALSE nsCertType = client, server, email keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer
Step 2.3: Find [v3_req] section of openssl.cnf file, and modify it in order to match the following.
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment
Step 2.4: Find [req_ext]section of openssl.cnf file, and modify it in order to match the following.
[ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = yourAltDomain1.com DNS.2 = yourAltDomain3.com DNS.3 = yourAltDomain3.com
Step 3: Generate a private key.
Command:
openssl genrsa -des3 -out www.domain-name.com.key 2048 Sample--- [user@hostname ~]$ openssl genrsa -des3 -out www. domain-name.key 2048 Generating RSA private key, 2048 bit long modulus ...................+++ .........................+++ e is 65537 (0x10001)
Response:
Enter a pass phrase for www.domain-name.com.key:
Verifying - Enter pass phrase for www.domain-name.com.key:
Note:
You need to create the pass phrase which is a password used for the private key that we are creating. It is essential for security purposes so that there are no instances of unauthorized access or manipulations done on the private key.
Step 4: Generate CSR
Command:
openssl req -config /etc/pki/tls/openssl.cnf -new -key www. domain-name.com.key -out www. domain-name.com.csr Sample--- [user@hostname ~]$ openssl req -config /etc/pki/tls/openssl.cnf -new -key www. domain-name.com.key out www. domain-name.com.csr
Response:
Enter pass phrase for www.domain-name.com.key:
You will be asked to enter information that will be incorporated into your certificate request. It is called a Distinguished Name or a DN. There are a few fields where you need to provide data, and you can leave some blank. For some fields, there will be a default value, wherein if you enter '.', the field will be kept blank.
Sample:
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]: Mumbai
Organization Name (Company name): Company Ltd.
Organizational Unit Name (section): IT Support
Common Name (You can add your name or your server's hostname): www.xyz.com
Email Address: info@xyz.com
Please enter the following 'extra' attributes to be sent with your certificate request A
a challenge password []:
An optional company name []:
Note:
All the details mentioned in Step 4, are the ones that you will have to provide, and these will be added to your CSR Certificate. These are your company-specific details.
Step 5: Check CSR and ensure if the extended key usage is present.
[user@hostname ~]$ openssl req -in domainname.com.csr -text –noout
You should be able to see something similar -
Requested Extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection X509v3 Basic Constraints:
CA:FALSE
Note:
Step 5 is part of a test, in order to ensure the extended key usage is present. When you are running the command, and if you get the response as stated above, you are good to go.
Step 6: Check CSR and ensure if the SAN values are present.
[user@hostname ~]$ openssl req -in domainname.com.csr -text –noout | grep DNS
You should be able to see alternate domain names which you have provided in the openssl.cnf.
DNS: yourAltDomain1.com,
DNS: yourAltDomain2.com,
DNS: yourAltDomain3.com
Step 7: Share this CSR with TransUnion CIBIL.
Private Key and pass phrase are to be preserved and protected.
