Follow these instructions to create a CSR (Certificate Signing Request) if the server you are using Apache, which are required in order SSL certificate.
OpenSSL is an open source project that replaced SSLeay. If your system is using SSLeay, replace the SSLeay with OpenSSL on the command line in this guide.
1.Install OpenSSL on your server (if not already installed)
2.Create an RSA key on your Apache:
cd /apacheroot/conf/ssl.key (ssl.key folder is the default folder to store the key ssl)
If you have a different key folder, enter or move (cd) to the directory where you store the private key for ssl this.
3.Type the following command to create a private key which is a tar file-encrypt. While doing this you will be prompted to enter a password (password required to access these files are also needed to start the webserver).
Attention: please remember well the password you enter this, if you forget this password you have to order a new SSL certificate.
openssl genrsa -des3 -out domainname.key 1024
You can also create a private key without encryption (password), with perinta:
openssl genrsa -out domainname.key 1024
Note: We recommend to give this private key file name with the domain name you message for this ssl, for example: namadomainanda.key
4.Type the following command to create a CSR based on the RSA private key you just created (output in PEM format):
openssl req -new -key domainname.key -out domainname.csr
Note: if you want to put a password on this file as in step 3 above, you need to add the "-des3" on the command you typed.
5.When creating the CSR you must follow the following convention. Enter information to be displayed on the certificate. The following characters can not be used:: <> ~! @ # $% ^ * / \ ()?., &
DN Field Information Examples
Common Name Domain names (and subdomain) complete the booking you are using SSL. Must match exactly with your order. If you order SSL for https: / / www.namadomainanda.com, then you should write it with "www.namadomainanda.com"
If you book a wildcard SSL, fill with "*. namadomainanda.com"
Organization The official name of company / your institution. Do not abbreviated Page Onward Abstinence Retreat
Organization Unit Section / Division in your company Marketing
City or Locality The city where the company / your institution is officially domiciled East Jakarta
State or Province State or province where the company / your institution is officially domiciled. DKI Jakarta
Country State your company's location, in the format of the ISO two-letter abbreviation ID
6. Do not enter extra attributes in the prompt.
Attention: challenge password blank.
Note: if you want to put a password on this file as in step 3 above, you need to add the "-des3" on the command you typed.
If you want to verify the contents of the CSR, run the following command:
openssl req -noout -text -in domainname.csr
7. Submit your CSR when asked by the publisher of SSL to include it in the application page (send a complete with beginning and end of line as shown in the example below).
CSR file format is as follows (open with text editor program such as Notepad or WordPad)
-----BEGIN CERTIFICATE REQUEST-----
your code here
-----END CERTIFICATE REQUEST-----
8. Make a copy (backup) files private key created in step 3 above in a directory or other computer that you feel safe. If you lose this file you need to order a new SSL certificate.
Forms of private key file is as follows (open with text editor program such as Notepad or WordPad)
-----BEGIN RSA PRIVATE KEY-----
your code here
-----END RSA PRIVATE KEY-----
To view the contents of private key file, use the following command:
openssl rsa -noout -text -in domainname.ke
Your Hosting Tutorial & shell scripting admin
0 comments:
Post a Comment