A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrolment process:
Go into the directory that you are going to generate your key pairs in.
e.g. /usr/local/apache/conf/ssl.key/ or /etc/httpd/conf/ssl.key/
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "myserver", use the following command :
openssl req –new –nodes -keyout myserver.key –out myserver.csr
This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key wil be needed later when installing the certificate issued to you in response to submitting your Certificate Signing Request (CSR).
You will be presented with the following or similar text and prompts:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is called a Distinguished Name or a DN,
There are quite a few fields but you can leave some blank
For some fields there will be a drfault value,
If you enter '.' the field will be left blank
You will then be prompted to enter details to be entered into your CSR.
For some fields there will be a default value, If you enter '.' (a
full-stop or period), the field will be left blank.
Use the use the fully qualified domain name of the webserver as the Common Name (CN). E.g. if the domain name is trustis.com append the domain to the subdomain name by which the webserver will be addressed (e.g. www.trustis.com ).
The fields email address, optional company name and challenge password should be left blank for a webserver certificate.
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: if desired - use YourCounty, otherwise use .
Locality Name (eg, city) []: if desired - use YourCity, otherwise use .
Organization Name (eg, company) [Internet Widgits Pty Ltd]: e.g. Frimley Park Hospital NHS Trust
Organizational Unit Name (eg, section) []: if desired - e.g. YourDepartment, otherwise use .
Common Name (eg, YOUR name) []: fully qualified domain name e.g. www.trustis.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Your CSR will now have been created. Open the myserver.csr in a text editor and copy and paste the contents into the online enrolment form when requested.
Copyright © Trustis Limited 2010. All
Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust
Services