Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

A Guide for WildCard SSL CSR Generation from RapidSSLonline.com

917 views

Published on

A step by step guidance of WildCard SSL Certificate Signing Request (CSR) generation from Platinum Certificate Authority RapidSSLonline.com

Published in: Technology
  • Login to see the comments

  • Be the first to like this

A Guide for WildCard SSL CSR Generation from RapidSSLonline.com

  1. 1. 2013WildCard SSL CSR Generation Guide - www.RapidSSLonline.com https://www.rapidsslonline.com/ Jim Armstrong www.rapidsslonline.com 4/1/2013
  2. 2. WildCard SSL CSR Generation Guide - www.RapidSSLonline.comHow to Generate a WildCard SSL Certificate SigningRequest (CSR) for Apache + Mod SSL + OpenSSLDue to the vast number of emails, calls and live chat requests being received from SSLusers on a daily basis regarding Certificate Signing Request (CSR) generation, which isrequired in order to obtain a certificate from Certificate Authorities (CA), we havecompiled this guide.In this guide we will specifically address the process of obtaining a Certificate SigningRequest for Apache + Mod SSL + OpenSSL servers. Here we have included the easyand quick steps of CSR generation from the major Certificate Authorities (CAs) on theweb.In order to create a CSR users need two types of keys known as private and publickeys. Next, in order for the CSR to actually be generated all keys, password andcertificate must contain the same information before installing any certificate on theserver.The following is a step-by-step guide to WildCard SSL Certificate CSR generation fromRapidSSLonline.com who is a leading SSL provider and Platinum Partner of leading CAssuch as Symantec, GeoTrust, Thawte, and RapidSSL.Step1: Creation of the Private KeyHere, we have what is commonly known as the OpenSSL utility, which is mostly used inorder to generate the private key and CSR. The OpenSSL utility comes standard withany OpenSSL package and should be installed on the following path;/usr/local/ssl/binIf the OpenSSL utility package installed on a different path, please refer to theinformation below to adjust the OpenSSL package installation path.Enter the following commands at the prompt:opensslgenrsa -des3 -out <private key file name>.key 2048
  3. 3. WildCard SSL CSR Generation Guide - www.RapidSSLonline.comFor Illustration:The above command will raise a 2048 bit RSA private key and it will store at the filewww.myhostname.com.key.Key Note: All SSL Certificate CSRs must have 2048-bit key lengthIMPORTANT: When prompted with the password command be sure to enter asecure password that can also be remembered. This password will not only protect theprivate key but will be essential to the secure certificate as well. That being said, apassword that cannot be recalled is about as useless as any bad or unsecure password(i.e. 1234321, PASSWORD) out there.Key Note: To bypass the pass phrase requirement, omit the -des3 option whengenerating the private key. However if you choose to leave the private key unprotected,Symantec recommends access to the server be heavily restricted so that onlyauthorized server administrators can access or read the private key file.Step 2: Generation of the CSR (Certificate Signing Request)Enter the following command at prompt:opensslreq -new -key <private key file name>.key -out <csr file name>.csrFor Illustration:
  4. 4. WildCard SSL CSR Generation Guide - www.RapidSSLonline.comKey Note: If you are using OpenSSL on a Windows server you may be able to use thefollowing direct path to reach “openssl.cnf”:opensslreq -new -key <private key file name>.key -config "c:ApacheSoftware FoundationApache2.2confopenssl.cnf" -out <csr file name>.csrYou will then receive the following prompt for the X.509 attributes of the certificate:You must now enter the mandatory information of the organization in order to createthe CSR. The following is a basic overview of each requirement.Country Name: Enter the two letter code without punctuation of the respectivecountry (i.e. US, UK)State or Province: Enter the complete state name, please be sure to not abbreviateor shorten it. (i.e. New York, not NY)Locality or City: The Locality field is the city or town name, again,do not abbreviate.(i.e. Saint Petersburg, not St. Petersburg)Company: If the company or organization name has any symbol such as &, @, or *included within their name the symbol must be properly spelled out. Here are theillustrations of (i.e. AB & C Corporation would be AB and C Corporation)
  5. 5. WildCard SSL CSR Generation Guide - www.RapidSSLonline.comOrganizational Unit: This field is optional but, if provided, this information will serveas additional authentication for obtaining the certificate from the CA. But if you preferto skip this step, simply press enter on the keyboard.Common Name: The Common Name is the Host + Domain Name. The informationprovided here will look much like something along the lines of "*.company.com".Key Note: Do not try to add an email address, challenge password or an optionalcompany name when generating the CSR.At this point you will have successfully generated both your private and public keys. Theprivate key (www.hostname.com.key) is stored locally on the server and is employedfor decryption. The public key, in the form of a WildCard SSL Certificate SigningRequest (certrequest.csr), will be for certificate enrollment.To copy and paste the information into the enrollment form, open the file in a texteditor such as Notepad or Vi and save it as a .txt file. Do not use Microsoft Word as itwill insert extra hidden characters that will alter the contents of the CSR rendering ituseless.For information regarding the WildCard SSL Certificate Signing Request for another webserver not described about please click here.The World Most Trusted SSL Certificate Sourcehttps://www.rapidsslonline.com/

×