Resolution
Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to RapidSSL.com, which uses it to generate your SSL Security Certificate.
OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, use ssleay in place of openssl in the commands.
- Install OpenSSL, if not found on your server.
- Create an RSA key for your Apache server. Change to the key directory (ssl.key is the default key directory):
cd /apacheserverroot/conf/ssl.key
NOTE: If you have a different path, cd to your server's private key directory.
- Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver. Warning: If you lose or forget the passphrase, you must purchase another certificate.
openssl genrsa -des3 -out domainname.key 2048
You can also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:
openssl genrsa -out domainname.key 2048
Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for, i.e. domainname.key
- Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domainname.key -out domainname.csr
Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
- When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters cannot be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
- Do not enter extra attributes at the prompt. Warning: Leave the challenge password blank (press enter).
- To view the contents of the CSR, use the following command:
openssl req -noout -text -in domainname.csr
- Submit your CSR to RapidSSL.com using the online application pages.
- Create a backup of your private key! Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must purchase a new certificate.
When viewed in a text editor, the private key file should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
To view the contents of the private key, use the following command:
openssl rsa -noout -text -in domainname.key
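The inspection commands above can be combined into one pre-submission check. The script below is an added example, not part of the original article: the function name check_csr, its return codes and the optional PASSIN argument are assumptions of this example. It goes slightly beyond the article by also accepting the key headers that OpenSSL 3.x writes and any RSA key of 2048 bits or more.

```shell
#!/bin/sh
# Added example, not part of the original article.
# check_csr KEY CSR [PASSIN]  -> returns 0 if the pair is ready to submit.
# PASSIN is an openssl pass phrase source such as "pass:..." or "file:...";
# it is only needed when the key was created with -des3.
check_csr() {
    key=$1; csr=$2; passin=${3:-pass:}

    # 1. The key file must be a PEM private key. Older OpenSSL writes
    #    "BEGIN RSA PRIVATE KEY"; OpenSSL 3.x genrsa writes "BEGIN PRIVATE KEY"
    #    (or "BEGIN ENCRYPTED PRIVATE KEY" when -des3 is used).
    head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----' ||
        { echo "FAIL: $key is not a PEM private key" >&2; return 2; }

    # 2. The CSR must carry the public half of this key: compare the moduli.
    key_mod=$(openssl rsa -noout -modulus -in "$key" -passin "$passin" 2>/dev/null) ||
        { echo "FAIL: cannot read $key (wrong or missing passphrase?)" >&2; return 3; }
    csr_mod=$(openssl req -noout -modulus -in "$csr" 2>/dev/null) ||
        { echo "FAIL: cannot parse $csr" >&2; return 4; }
    [ "$key_mod" = "$csr_mod" ] ||
        { echo "FAIL: $csr was not created from $key" >&2; return 5; }

    # 3. Inspect the decoded request, as in the article's "req -text" step.
    text=$(openssl req -noout -text -in "$csr")
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: CSR key is smaller than 2048 bits" >&2; return 6; }

    # The challenge password must be left blank, so the attribute must be absent.
    if printf '%s\n' "$text" | grep -q 'challengePassword'; then
        echo "FAIL: CSR contains a challenge password" >&2
        return 7
    fi

    printf 'OK: %s\n' "$(printf '%s\n' "$text" | grep 'Subject:' | sed 's/^ *//')"
}

# Command-line use: sh check_csr.sh domainname.key domainname.csr [PASSIN]
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

A return code of 5 means the CSR was generated from a different key than the one being backed up, which would leave the issued certificate unusable with that key.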
* Last updated: 2nd March 2011.