| Apache + 2 |
|
| Generate a Certificate Signing
Request — CSR |
Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the
Close button above to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.
If you have not already set up a secure virtual host or would like to learn more about SSL, refer to the following link for more information:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#installation
Please note that the examples below use the following naming conventions:
- Your Private Key = domainname.key
- Your Web Server Certificate = domainname.crt
- Install OpenSSL, if not found on your server. Please note that
the OpenSSL version should match your Apache version.
- Create a RSA private key for your Apache server, with triple-DES encryption and
PEM-formatted:
openssl genrsa -des3 -out domainname.key 1024
Warning: Backup this key and its passphrase. If you lose the private key or forget its
passphrase, you must purchase another certificate.
- You could also create a private key without triple-DES encryption:
openssl genrsa -out domainname.key 1024
You can view the contents of the private key by using the following command:
openssl rsa -noout -text -in domainname.key
The private key text should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
- Now create a Certificate Signing Request using the RSA private key created above
output will be PEM format:
openssl req -new -key domainname.key -out domainname.csr
Please note that you will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
- When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters cannot be accepted:
< > ~ ! @ # $ % ^ * / \ ( ) ? . , &
Distinguished
Name
Field |
Explanation |
Example |
|
Common Name |
The fully qualified domain name for your web server. This must be
an exact match. |
If you intend to secure the URL https://www.supralink.com/,
then your CSR's common name
must be www.supralink.com. |
|
Organization |
The exact legal name of your organization. Do not abbreviate your
organization name. |
SupraLink |
|
Organization Unit |
Section of the organization.
|
Marketing
|
|
City or Locality
|
The city where your organization is legally located.
|
Montréal
|
|
State or Province
|
The state or province where your organization is legally located.
Cannot be abbreviated.
|
Quebec
|
|
Country
|
The two-letter ISO abbreviation for your country.
|
CA |
- You will be prompted for extra attributes, such as a challenge password and optional company
name. We recommend you leave these attributes empty by hitting
Enter.
- You can verify the contents of your CSR by using the following command:
openssl req -noout -text -in domainname.csr
-
Submit your CSR to SupraLink - you will be asked to complete the agreement and the enrollment form as well.
Innovating Information Security
SupraLink, in partnership with GeoTrust, the leading provider of next
generation information security services, delivers secure e-commerce
transactions, identity verification and authentication solutions to
the global web community. SupraLink ensures a new level of
e-business security — your first step toward leveraging the full
business potential of the Internet.
|