To generate a CSR, you first need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match your private key. You will have to request a new SSL Certificate and may be charged.
Generate a Key Pair and CSR
Step 1: Generate a keypair
Use the utility "openssl" to generate the key and CSR.
- This utility comes with the OpenSSL package. You usually install it under /usr/local/ssl/bin. (If you have installed openssl elsewhere you will need to adjust these instructions appropriately).
- Generate a private key using the following command: openssl genrsa -des3 1024 > Geotrust.key
Step 2: Generate a Certificate Signing Request (CSR)
- Change directory to your SSL Certificate directory: cd /usr/local/ssl/crt
- Generate a CSR using the following command:
openssl req -new -key ./Geotrust.key > Geotrust.csr You have just created a key pair and a CSR.
- To copy and paste the information into the enrollment form, open the file Geotrust.csr in a text editor that does not add extra characters (Notepad or vi are recommended).
- Paste the information into the enrollment form when prompted for the CSR.
|