Mariner Enterprises ISP HOSTING DESIGN Members Only

Generate a Certificate Signing Request (CSR)

About Our SSL Certificates
SSL PRATICES STATEMENT
Quick SSL FAQ

Generate SSL CSR Apache
SSL LINUX Apache Mod SSL INSTALL
Generate SSL CSR Microsoft IIS 4.0
SSL Install Microsoft IIS 4.0
Generate SSL CSR Microsoft IIS 5.0
SSL Microsoft IIS 5.0
Generate SSL CSR RAQ
SSL RAQ Install

Apache + ApacheSSL

Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the "close" button below to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.

Install OpenSSL, if not found on your server.
Create a RSA key for your Apache server:

cd /apacheserverroot/conf/ssl.key (ssl.key is the default key directory.)

If your have different setting, cd to your server’s private key directory
Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver:

Warning: If you lose or forget the passphrase, you must purchase another certificate.

openssl genrsa -des3 -out domainname.key 1024

Creating a private key without file encryption:

openssl genrsa -out domainname.key 1024

Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key.

Type the following command to create a CSR with the RSA private key (output will be PEM format):

$openssl req -new -key domainname.key -out domainname.csr

* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.>

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

DN Field

Explanation

Example

Common Name

The fully qualified domain name for your web server. This must be an exact match.

If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com.

Organization

The exact legal name of your organization. Do not abbreviate your organization name.

GeoTrust

Organization Unit

Section of the organization

Marketing

City or Locality

The city where your organization is legally located.

Wellesley Hills

State or Province

The state or province where your organization is legally located. Can not be abbreviated.

Massachusetts

Country

The two-letter ISO abbreviation for your country.

US

Do not enter extra attributes at the prompt.

Warning: Leave the challenge password blank (press )

Note: If you would like to verify the contents of the CSR, use the following command:

$ openssl req -noout -text -in domainname.csr
Submit your CSR to GeoTrust by clicking on , you will be asked to complete the agreement and the enrollment form as well.

Create a backup of your private key!

Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must purchase a new certificate.

* The private key file should begin with (when using a text editor)

-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

To view the contents of the private key, use the following command:

$ openssl rsa -noout -text -in domainname.key

Mariner Enterprises

Mariner Enterprises
1270 Taramore Dr
Suwanee, Ga. 30024
1.800.438.6894 - +1.770.232.7646
All logos and trademarks in this site are:
© 1998/2003 by LSYF/YOA- © 2004/ 2005 by Mariner Enterprises

Hosting and Design by Mariner Enterprises.