How to Generate the CSR Token
If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.
- Getting Started
- Bot Building
- Conversation Design
Code Step Integration Static Step Integration Shopify Integration SETU Integration Exotel Integration CIBIL integration Freshdesk KMS Integration PayU Integration Zendesk Guide Integration Twilio Integration Razorpay Integration LeadSquared Integration USU(Unymira) Integration Helo(VivaConnect) Integration Salesforce KMS Integration Stripe Integration PayPal Integration CleverTap Integration Fynd Integration HubSpot Integration Magento Integration WooCommerce Integration Microsoft Dynamics 365 Integration
- Agent Setup
- Analytics & Reporting
- Commerce Plus
- Troubleshooting Guides
- Release Notes
You would need a CRS token, for acquiring ATLAS Web Service Partner Integration Service, in order to use the "cibil_loan_recommendation" Smart Skill on your bot.
Following are the steps involved in generating the CSR token -
- Operating system: Red Had Enterprise Linux 6.x/7.x - Extended key usage is not configured in OpenSSL.
- root/sudo access is available to change the configuration files.
Step 1: Backup /etc/pki/tls/openssl.cnf
[root@hostname #] cd /etc/pki/tls/ [root@hostname tls] cp -rfv openssl.cnf openssl.cnf-backup
Step 2.1: Find the [req] section of openssl.cnf file, and modify it in order to match the following.
[ req ] default_bits = 1024 default_md = sha256 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert req_extensions = v3_req req_extensions = req_ext x509_extensions = usr_cert
Step 2.2: Find the [usr_cert] section of openssl.cnf file, and modify it in order to match the following.
[ usr_cert ] basicConstraints=CA:FALSE nsCertType = client, server, email keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer
Step 2.3: Find [v3_req] section of openssl.cnf file, and modify it in order to match the following.
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment
Step 2.4: Find [req_ext]section of openssl.cnf file, and modify it in order to match the following.
[ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = yourAltDomain1.com DNS.2 = yourAltDomain3.com DNS.3 = yourAltDomain3.com
Step 3: Generate a private key.
openssl genrsa -des3 -out www.domain-name.com.key 2048 Sample--- [user@hostname ~]$ openssl genrsa -des3 -out www. domain-name.key 2048 Generating RSA private key, 2048 bit long modulus ...................+++ .........................+++ e is 65537 (0x10001)
Enter a pass phrase for www.domain-name.com.key:
Verifying - Enter pass phrase for www.domain-name.com.key:
Step 4: Generate CSR
openssl req -config /etc/pki/tls/openssl.cnf -new -key www. domain-name.com.key -out www. domain-name.com.csr Sample--- [user@hostname ~]$ openssl req -config /etc/pki/tls/openssl.cnf -new -key www. domain-name.com.key out www. domain-name.com.csr
Enter pass phrase for www.domain-name.com.key:
You will be asked to enter information that will be incorporated into your certificate request. It is called a Distinguished Name or a DN. There are a few fields where you need to provide data, and you can leave some blank. For some fields, there will be a default value, wherein if you enter '.', the field will be kept blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :Maharashtra
Locality Name (eg, city) [Default City]: Mumbai
Organization Name (Company name): Company Ltd.
Organizational Unit Name (section): IT Support
Common Name (You can add your name or your server's hostname): www.xyz.com
Email Address: email@example.com
Please enter the following 'extra' attributes to be sent with your certificate request A
a challenge password :
An optional company name :
Step 5: Check CSR and ensure if the extended key usage is present.
[user@hostname ~]$ openssl req -in domainname.com.csr -text –noout
You should be able to see something similar -
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection X509v3 Basic Constraints:
Step 6: Check CSR and ensure if the SAN values are present.
[user@hostname ~]$ openssl req -in domainname.com.csr -text –noout | grep DNS
You should be able to see alternate domain names which you have provided in the openssl.cnf.
Step 7: Share this CSR with TransUnion CIBIL.
Private Key and pass phrase are to be preserved and protected.