After this prompt, you are asked to enter one-by-one various piece of information for the CSR file (country,
state, city, organization, Common Name, and email address). Below, you can see examples of data you can
enter:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:Folsom
Organization Name (eg, company) [Internet Widgits Pty
Ltd]:California ISO
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:RIG
Email Address []:RIG@example.com
Note: This creates a CSR with a DN consisting of CN, OU, O, L, ST, and C. If you want something else it
will require changes to the openssl config file.
After you enter the above information, you are prompted to enter the following 'extra' attributes to be sent
with your certificate request:
A challenge password []:
An optional company name []:
You have now created your CSR file.
Submit the CSR with the DCRF spreadsheet as described above to the CAISO Service Desk
(ServiceDesk@caiso.com). The CAISO CA will create and sign the certificate. Before you can use the
certificate, you will need to import the CAISO root and issuing CA certificates into your keystore. You may
download this certificate chain from the CAISO Application Access page, or by following instructions in the
Receipt & Installation section below.
Java Keytool
A system that has Java installed might have a utility called Keytool for creating and administering a
keystore. A keystore is a repository of keys. In the case of using Keytool to create a CSR, we must first
create a new keystore for that purpose alone.
The following command creates a new Java keystore called myDeviceKeyStore. It specifies RSA for the key
algorithm and a keysize of 2048. The ‘dname’ parameter specifies the value of the key’s Common Name
(CN); this value will be included with the CSR and will become the certificate’s CN also. You will be
prompted to provide a keystore passphrase that you will need every time you open the keystore or use it to
create a CSR.
Keytool -keystore myDeviceKeyStore -genkey -alias
myDeviceKey -keyalg RSA -keysize 2048 –dname
"cn=mydevice.example.com"
Now that we have created the Java keystore, we can use it to create a CSR. We specify that the CSR
should be signed using the SHA256 algorithm with RSA.
Keytool -keystore myDeviceKeyStore -certreq -alias
myDeviceKey -file myDevice.csr -sigalg SHA256WithRSA