Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the “close” button below to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.
- Install OpenSSL, if not found on your server.
- Create a RSA key for your Apache server:
If you have a different path, cd to your server’s private key directory
Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver: Warning: If you lose or forget the passphrase, you must purchase another certificate.
openssl genrsa -des3 -out domainname.key 2048
openssl genrsa -out domainname.key 2048
openssl req -noout -text -in domainname.csr
Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domainname.key -out domainname.csr
- When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.geotrust.com, then your CSR’s common name must be www.geotrust.com. Organization The exact legal name of your organization. Do not abbreviate your organization name. GeoTrust Organization Unit Section of the organization Marketing City or Locality The city where your organization is legally located. Wellesley Hills State or Province The state or province where your organization is legally located. Can not be abbreviated. Massachusetts Country The two-letter ISO abbreviation for your country. US
- Do not enter extra attributes at the prompt.
- Submit your CSR to GeoTrust by clicking on , you will be asked to complete the agreement and the enrollment form as well.
-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
openssl rsa -noout -text -in domainname.key