Follow these instructions to generate a CSR (certificate signing request) for your Web site. When you have completed this process, you will have a CSR ready to submit to your provider, who will use it to issue your SSL Security Certificate.
1. Create an RSA key for your Apache server:
cd /apacheserverroot/conf/ssl.key (ssl.key is the default key directory.)
If you have a different path, cd to your server’s private key directory.
2. Enter the following command to generate a private key that is stored in an encrypted file. You will be prompted for a passphrase to protect the file, and you will be asked for it again each time you start your web server:
openssl genrsa -des3 -out domainname.key 1024
Warning: If you lose or forget the passphrase, you will not be able to use the certificate.
You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:
openssl genrsa -out domainname.key 1024
Note: We recommend that you name the private key after the domain name that you are purchasing the certificate for, i.e. domainname.key.
3. Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domainname.key -out domainname.csr
Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 2.
When creating a CSR you must follow these conventions:
• Enter the information to be displayed in the certificate. The following characters are not accepted: < > ~ ! @ # $ % ^ / \ ( ) ?.,&
• If you are applying for a wildcard certificate, you must state * in place of the sub domain, for example *.yourdomain.com instead of www.yourdomain.com.
You will now be prompted for information to include within the CSR:
Country Name (2 letter code) [AU]: | US (must be a two-letter country code; note that for the United Kingdom the country code must be GB and NOT UK) |
State or Province Name (full name) [Some-State]: | The state or province where your organization is legally located. This cannot be abbreviated and must be entered in full. |
Locality Name (eg, city) []: | The city where your organization is legally located. |
Organization Name (eg, company) [Internet Widgits Pty Ltd]: | The exact legal name of your organization. Do not abbreviate your organization name. |
Organizational Unit Name (eg, section) []: | Section of the organization, such as Marketing or Web Development. |
Common Name (eg, YOUR name) []: | The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you are applying for a wildcard certificate to secure all sub domains on your domain, the common name must be *.yourdomain.com. |
Email Address []: | Leave this field blank by just pressing return. |
A challenge password []: | Leave this field blank by just pressing return. |
An optional company name []: | Leave this field blank by just pressing return. |
4. If you would like to verify the contents of the CSR, use the following command:
openssl req -noout -text -in domainname.csr
5. Create a backup of your private key. If the private key is lost, your CSR and certificate will be unusable. Make a copy of the private key file (domainname.key) generated earlier and store it in a safe place! When opened in a text editor, the private key file should begin with:
-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----
6. Your CSR will now have been created. Open the domainname.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
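
A scripted version of the step 4 check, added here as an example and not part of the original instructions: it confirms that the CSR verifies, that it was made from the key you backed up in step 5, that the Common Name is the exact host name, and that the challenge password was left blank. The function names and the MIN_BITS threshold of 2048 are assumptions of this example (publicly trusted CAs require RSA keys of at least 2048 bits).

```sh
#!/bin/sh
# Added example: pre-submission checks for the files produced in steps 2-3.
# Usage: check_csr KEYFILE CSRFILE EXPECTED_CN   (returns 0 only if all checks pass)
# MIN_BITS defaults to 2048; that value is this example's assumption, not the page's.
MIN_BITS=${MIN_BITS:-2048}

csr_cn() {    # Common Name from the CSR subject, e.g. www.yourdomain.com
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        tr ',' '\n' | sed -n 's/^ *\(subject= *\)\{0,1\}CN=//p'
}

csr_bits() {  # RSA key size in bits, as reported by "openssl req -text"
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

check_csr() {
    key=$1 csr=$2 want_cn=$3 rc=0

    # 1. The CSR's self-signature must verify (catches a truncated or edited file).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify"; rc=1; }

    # 2. The public key inside the CSR must belong to this private key.
    #    (openssl prompts for the passphrase if the key was created with -des3.)
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl rsa -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: CSR was not generated from $key"; rc=1; }

    # 3. Key size must meet the minimum.
    bits=$(csr_bits "$csr")
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "FAIL: ${bits:-unknown}-bit key is below $MIN_BITS bits"; rc=1; }

    # 4. Common Name must exactly match the host name being secured.
    cn=$(csr_cn "$csr")
    [ "$cn" = "$want_cn" ] ||
        { echo "FAIL: Common Name is '$cn', expected '$want_cn'"; rc=1; }

    # 5. A challenge password is stored unencrypted in the request; leave it blank.
    openssl req -in "$csr" -noout -text | grep -q 'challengePassword' &&
        { echo "FAIL: CSR carries a challenge password attribute"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $csr is ready to submit"
    return "$rc"
}
```

Source the file and run, for example, check_csr domainname.key domainname.csr www.yourdomain.com before pasting the CSR into the enrollment form.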