Welcome to Global Trust 256 bit SSL Security Site.

  現在位置 : 技術資源 > 知識庫FAQ > SSL 憑證 > GlobalSign > 產生CSR > Certificate Signing Request Generation - ApacheSSL / Apache+OpenSSL

技術 / 資訊搜尋 

Certificate Signing Request Generation - ApacheSSL / Apache+OpenSSL

To generate a Certificate Signing Request (CSR), perform the following steps:

Generating the Key Pair

1. The utility "OpenSSL" is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.

2. Type the following command at the prompt:

openssl genrsa –des3 –out www.mydomain.com.key 1024

Note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected.

3. Enter the PEM Pass Phrase (This MUST be remembered)

4. This will generate a 1024 RSA Private key, and stores it in the file www.mydomain.com.key.

Generating the CSR

1. Type the following command at the prompt:

openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr

Note: You will be prompted for the PEM Pass Phrase if you included the "-des3" command. Type it in now.

NOTE: There is a known issue with Apache/OpenSSL Windows Based Installations. If you recevie an error with the above command, Please enter the following:
openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr -config openssl.cnf

2. Input the information for the Certificate Signing Request. This information will be displayed in the certificate.

Note: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Global Sign
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.globalsign.net (Must be the FQDN - Fully Qualifed Domain Name)

Note: DO NOT Enter the following:

Email Address []:
A challenge password []:
An optional company name []:

3. Please verify the CSR, to insure all information is correct. Use the following command:

openssl req -noout -text -in www.mydomain.com.csr

4. The CSR will now be created, and can be submitted via the website.

技術支援系統登入 忘記密碼?


文件區 (3)
SSL 憑證 (0)
CodeSign程式碼簽章 (0)
Email憑證 (24)
隱私條款 法律聲明 安全說明連絡寰宇