Generate a Certificate Signing Request (CSR) for an SSL Certificate from RapidSSL.com
Apache SSL
Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to RapidSSL.com, which uses it to generate your SSL Security Certificate.
OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay for openssl in the commands.
- Install OpenSSL, if not found on your server.
- Create an RSA key for your Apache server:
    cd /apacheserverroot/conf/ssl.key
  (ssl.key is the default key directory.) If you have a different path, cd to your server's private key directory.
- Type the following command to generate a private key that is stored in an encrypted file. You will be prompted for a passphrase to protect the file, and again when starting your web server. Warning: If you lose or forget the passphrase, you must purchase another certificate.
    openssl genrsa -des3 -out domainname.key 1024
  You could also create a private key without file encryption:
    openssl genrsa -out domainname.key 1024
  Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for, i.e. domainname.key
- Type the following command to create a CSR with the RSA private key (output will be PEM format):
    openssl req -new -key domainname.key -out domainname.csr
  * Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
- When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters cannot be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &
| DN Field | Explanation | Example |
|---|---|---|
| Common Name | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. |
| Organization | The exact legal name of your organization. Do not abbreviate your organization name. | RapidSSL.com |
| Organization Unit | Section of the organization | Marketing |
| City or Locality | The city where your organization is legally located. | Wellesley Hills |
| State or Province | The state or province where your organization is legally located. Cannot be abbreviated. | Massachusetts |
| Country | The two-letter ISO abbreviation for your country. | US |
- Do not enter extra attributes at the prompt. Warning: Leave the challenge password blank (press enter).
  Note: If you would like to verify the contents of the CSR, use the following command:
    openssl req -noout -text -in domainname.csr
- Submit your CSR to RapidSSL.com using the online application pages.
Create a backup of your private key!
Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must purchase a new certificate.
* When viewed in a text editor, the private key file should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
To view the contents of the private key, use the following command:
    openssl rsa -noout -text -in domainname.key
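A pre-submission check for the key and CSR produced by the steps above, as an added example that is not RapidSSL's own script; the function names are assumptions made for illustration. It generates a 2048-bit key instead of the 1024 bits in the commands above, because publicly trusted CAs now require RSA keys of at least 2048 bits.

```shell
#!/bin/sh
# Added example, not RapidSSL's script; function names are illustrative.
# Uses a 2048-bit key rather than the 1024 bits shown in the page's commands.

# make_csr NAME SUBJECT: write NAME.key (owner-readable only) and NAME.csr.
# -subj answers the DN prompts and sets no challenge password.
make_csr() {
    ( umask 077 && openssl genrsa -out "$1.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1.key" -subj "$2" -out "$1.csr"
}

# The CSR is self-signed with the private key. Match on the printed
# result instead of relying on the exit status alone.
csr_signature_ok() {
    openssl req -noout -verify -in "$1" 2>&1 | grep -q 'verify OK'
}

# csr_matches_key KEY CSR: true when both carry the same RSA modulus.
# An encrypted key (-des3) prompts for its passphrase here.
csr_matches_key() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl req -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the key size in bits as reported by "openssl req -text".
csr_key_bits() {
    openssl req -noout -text -in "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# Print the Common Name (the last CN in the subject line).
csr_common_name() {
    openssl req -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# check_csr KEY CSR HOSTNAME: run every check before submitting the CSR.
check_csr() {
    csr_signature_ok "$2"     || { echo "bad CSR signature" >&2; return 1; }
    csr_matches_key "$1" "$2" || { echo "CSR does not match key" >&2; return 1; }
    [ "$(csr_key_bits "$2")" -ge 2048 ] || { echo "key under 2048 bits" >&2; return 1; }
    [ "$(csr_common_name "$2")" = "$3" ] || { echo "CN is not $3" >&2; return 1; }
}

# Stand-alone use: sh check_csr.sh domainname.key domainname.csr www.yourdomain.com
if [ "$#" -eq 3 ]; then check_csr "$1" "$2" "$3" && echo "CSR OK"; fi
```

A mismatch between the key and the CSR means the issued certificate will not load with that key, so run the check before you submit the CSR and again after restoring a key from backup.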