APACHE OPENSSL CSR CREATION

To generate a Certificate Signing Request (CSR) for Apache HTTP Server, perform the following steps. They will enable you to get the CSR to complete the order process
STEP 1: GENERATING THE KEY PAIR

The utility “OpenSSL” is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.

  1. Type the following command at the prompt in OpenSSL:
    genrsa –des3 –out www.mydomain.com.key 2048
    Note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected
  2. Enter the PEM Pass Phrase (This MUST be remembered)
  3. A 2048 RSA private key will be generated and stores in the file “www.mydomain.com.key”
STEP 2: GENERATING THE CSR
  1. Type the following command at the prompt in OpenSSL:
    req –new –key www.mydomain.com.key –out www.mydomain.com.csrNOTE: You will be prompted for the PEM Pass Phrase if you included the “-des3” command. Type it in now.

    NOTE: There is a known issue with Apache/OpenSSL Windows Based Installations. If you recieve an error with the above command, Please enter the following:
    req -new -key www.mydomain.com.key -out www.mydomain.com.csr -config openssl.cnf

  2. Input the information for the Certificate Signing Request. This information will be displayed in the certificate.Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name (e.g. trustzone.dk or mail.trustzone.dk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com.
    Organization – The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc.
    Organizational unit – The name of your department within the organization (this is often “IT,” “Web,” or is just left blank).
    City/locality – The city or town in which your organization is located.
    State/province – The state in which your organization is located.
    Country – Click here for the official list of ISO country codes for this field. Note: DO NOT Enter the following: “Email Address”; “A challenge password” & ” An optional company name”
  3. Please verify the CSR, to insure all information is correct. Use the following command:
    req -noout -text -in www.mydomain.com.csr
  4. The CSR will now be created, and can be submitted via the website

You are now ready to submit your CSR for the certificate you wish to install.