Home Products Partners Support About us Contact

   Home
   Login
   Products
   Partners
   Support
     Browerscompability
     Certificate Replacement
     Certificate Signing Request
     Manuals
       AEP
       Apache
         Apache HTTP Server
           Generate CSR
           Install certificate
       Apple
       Barracuda
       BEA
       C2Net
       Cisco
       Citrix
       Cobalt
       Courier
       cPanel
       Cyrus
       DirectAdmin
       DoveCot
       Ensim
       F5
       GlobalScape
       Google
       H-Sphere
       IBM
       Intel
       InterWorx
       Ipswitch
       ISPConfig
       Java
       Kerio
       Lighttpd
       Litespeed
       Lotus
       Mailtraq
       Microsoft
       NETASQ
       Netgear
       Netscreen
       NetWin
       Nortel
       Novell
       Open-Xchange
       OpenSSL
       Parallels
       Plesk
       qmail
       RedHat
       Sendmail
       SonicWall
       Sun
       SUN-Netscape
       Sybase
       Tomcat
       UW-IMAP
       WatchGuard
       WebSite Pro
       WebSTAR
       Zeus
       Zope
     Test your CSR
   About us
   Contact










Search:
  
Dutch French

Generating a Certificate Signing Request (CSR) using Apache Mod_SSL / OpenSSL

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process. More information on OpenSSL and the most used OpenSSL commands are listed here.

Generate keys and CSR:


To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :

 

openssl req –new –nodes -keyout myserver.key –out server.csr

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

You will now be asked to enter details into your CSR.

What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.

----- 
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []: 
An optional company name []:
-----

Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.

-----BEGIN CERTIFICATE REQUEST-----
MIICCDCCAXECAQAwgccxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Cc
YW50MRMwEQYDVQQHEwpSb29zZW5kYWFsMRwwGgYDVQQKExNOZXR3b3JraW5nN
................
IgxGL7Ev+RVknxVSvaJ7W1s5DZD6/Bsjfvjlda90/QoEWmPmLrK/2mIyWr6tQ
JEnga5gjRROfJuBraHqrJmsKyeaqqfZjQzGPAz21d9mdyDUq4lfr3FfvWRc=
-----END CERTIFICATE REQUEST-----

Note: be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).