Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the "close" button below to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.
openssl genrsa -des3 -out domainname.key 2048
You could also create a private key without file encryption:
openssl genrsa -out domainname.key 2048
Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key
openssl req -new -key domainname.key -out domainname.csr
* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
Example < /h4>
|Common Name||The fully qualified domain name for your web server. This must be an exact match.||If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com.|
|Organization||The exact legal name of your organization. Do not abbreviate your organization name.||GeoTrust|
|Organization Unit||Section of the organization||Marketing|
|City or Locality||The city where your organization is legally located.||Wellesley Hills|
|State or Province||The state or province where your organization is legally located. Can not be abbreviated.||Massachusetts|
|Country||The two-letter ISO abbreviation for your country.||US|
Warning: Leave the challenge password blank.
Note: If you would like to verify the contents of the CSR, use the following command:
openssl req -noout -text -in domainname.csr
Create a backup of your private key!
Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must generate a new private key & CSR and reissue the certificate. To do this, please visit https://knowledge.digicert.com and search for Reissue.
* The private key file should begin with (when using a text editor)
-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
To view the contents of the private key, use the following command:
openssl rsa -noout -text -in domainname.key
[ Close ]