To generate a certificate signing request (CSR) and key in Apache + MOD SSL, please follow
these step-by-step instructions:
1. Install “OpenSSL”, if not found on server, and put in “PATH”.
2. Create a RSA key for your Apache server by: cd to /apacheserverroot/conf/ssl.key
directory. (ssl key is the default key directory. If you have a different setting, cd to your
server’s private key directory.)
3. Type the following commands to generate a key pair:
$openssl genrsa -des3 -out server.key 1024
4. Enter and verify the “PEM passphrase”. The passphrase will be used to install the server
certificate.
Warning: If you lose the passphrase, you must purchase another certificate.
5. Type the following commands to create a CSR with the server RSA private key:
$openssl req -new -key server.key -out server.csr
(The output will be PEM formatted.)
these step-by-step instructions:
1. Install “OpenSSL”, if not found on server, and put in “PATH”.
2. Create a RSA key for your Apache server by: cd to /apacheserverroot/conf/ssl.key
directory. (ssl key is the default key directory. If you have a different setting, cd to your
server’s private key directory.)
3. Type the following commands to generate a key pair:
$openssl genrsa -des3 -out server.key 1024
4. Enter and verify the “PEM passphrase”. The passphrase will be used to install the server
certificate.
Warning: If you lose the passphrase, you must purchase another certificate.
5. Type the following commands to create a CSR with the server RSA private key:
$openssl req -new -key server.key -out server.csr
(The output will be PEM formatted.)
6. When creating a CSR, you must follow these conventions.
- Enter the “Distinguished Name Field” information.
- Note: The following characters cannot be accepted: < > ~ ! @ # % ^ * / \ ( ) ? identrust.com
| Distinguished Name Field | Explanation | Example |
|---|---|---|
| Country Name | The two-letter ISO abbreviation for your country. | US = United States |
| State or Province Name | The state or province where your organization is legally located. Do not abbreviate the state or province name. | Utah |
| City or Locality | The city where your organization is legally located. | Salt Lake City |
| Company (Organization) Name | The exact legal name of your organization. Do not abbreviate your organization name. | IdenTrust Inc. |
| Department Name | Section of the organization. | Marketing |
| Server Hostname | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL, https://www.identrust.com/, then your CSR's Server Hostname must be www.identrust. com |
| Server Administrator's Email Address | Your email address | [email protected] |
7. Do not enter extra attributes at the prompt.
Warning: Leave the challenge password blank.
8. View the details of the CSR via the command:
$ openssl req -noout -text -in server.csr
9. Send the entire certificate request to IdenTrust, including ----BEGIN CERTIFICATE
REQUEST---- and ----END CERTIFICATE REQUEST----
Warning: Leave the challenge password blank.
8. View the details of the CSR via the command:
$ openssl req -noout -text -in server.csr
9. Send the entire certificate request to IdenTrust, including ----BEGIN CERTIFICATE
REQUEST---- and ----END CERTIFICATE REQUEST----
Key Pair Backup
- Backup this “server.key” file and remember the passphrase you had to enter at a secure location.
- View the details of the RSA private key via the command: $ openssl rsa -noout -text -in server.key