
CSR Generation

  1. Apache & Mod_SSL / OpenSSL
  2. Microsoft IIS 5.x / 6.x

1) Apache & Mod_SSL / OpenSSL

A CSR is a file containing your certificate application information, including your public key. To generate a private key and a Certificate Signing Request (CSR) for a web server named "server", use the following command:

openssl req -new -nodes -keyout myserver.key -out server.csr

This creates two files, myserver.key and server.csr. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to back up the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked for the details to be entered into your CSR. What you are about to enter is called a Distinguished Name, or DN. Some fields have a default value. If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:

Use the name of the web server as the Common Name (CN). If the domain name is mydomain.com, append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.
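
The same request can be generated without the interactive prompts and then checked before it is submitted. The script below is an added example, not part of the original page: it reuses the page's file names and sample DN, while the -newkey rsa:2048 and -subj options, the function names make_csr and check_csr, and the four checks are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. File names and DN values are the
# page's samples; -newkey rsa:2048, -subj and the function names are assumptions.

# make_csr DIR CN: non-interactive form of the page's openssl req command.
make_csr() {
    dir=$1; cn=$2
    (
        umask 077   # anything created here is readable by its owner only
        openssl req -new -nodes -newkey rsa:2048 \
            -keyout "$dir/myserver.key" -out "$dir/server.csr" \
            -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd/OU=IT/CN=$cn" \
            2>/dev/null
    )
}

# check_csr DIR CN: prints each failed check, returns non-zero if any failed.
check_csr() {
    dir=$1; cn=$2; rc=0
    key=$dir/myserver.key; csr=$dir/server.csr

    # 1. The CSR is intact: its self-signature verifies.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify"; rc=1; }

    # 2. The Common Name is exactly the expected FQDN.
    got=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null |
          sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$got" = "$cn" ] || { echo "CN is '$got', expected '$cn'"; rc=1; }

    # 3. The CSR carries the public half of this private key.
    pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "CSR does not match myserver.key"; rc=1; }

    # 4. The private key has no group or other permission bits set.
    case $(ls -l "$key" | cut -c5-10) in
        ------) ;;
        *) echo "myserver.key is accessible to group or other"; rc=1 ;;
    esac
    return $rc
}
```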

 


2) Microsoft IIS 5.x / 6.x

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate keys and Certificate Signing Request:

  • Select Administrative Tools
  • Start Internet Services Manager

  • Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu
  • Open Directory Security by right clicking on the Directory Security tab
  • Click Server Certificate.
  • Click Create a new certificate and click Next.
  • Select Prepare the request and click Next.
  • Provide a name for the certificate. It needs to be easily identifiable if you are working with multiple domains. This is for your records only.
  • If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option is available. Click Next.
  • Enter Organisation and Organisation Unit. These are your company name and department respectively. Click Next.
  • The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an Instant SSL Certificate issued for mydomain.com will not be valid for secure.mydomain.com. If the web address to be used for SSL is secure.mydomain.com, ensure that the common name submitted in the CSR is secure.mydomain.com. Click Next.
  • Enter your country, state and city. Click Next.
  • Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next.
  • Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
  • When you make your application, make sure you paste the CSR in its entirety into the appropriate section of the enrollment form, including everything from
    -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----
  • Click Next
  • Finish

To save your private key:
Go to: Certificates snap-in in the MMC
Select Requests
Select All tasks
Select Export

We recommend that you make a note of your password and back up your key, as these are known only to you, so if you lose them we can't help! A floppy diskette or other removable media is recommended for your backup files.


Copyright © 2000-2009 IP Mirror Private Limited. All rights reserved.