Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the "close" button below to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands. If you have not already set up a secure virtual host or would like to learn more about SSL, refer to the following link for more information: http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#installation Note: The examples below use the following naming conventions: "Your Private Key" = "domainname.key"; "Your Web Server Certificate" = "domainname.crt" openssl genrsa -des3 -out domainname.key 1024 Warning: Backup this key and its passphrase. If you lose the private key or forget its passphrase, you must purchase another certificate.
openssl genrsa -out domainname.key 1024
You can view the contents of the private key by using the following command:
openssl rsa -noout -text -in domainname.key
The private key text should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
openssl req -new -key domainname.key -out domainname.csr
* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
DN Field
Explanation
Example
Common Name
The fully qualified domain name for your web server. This must be an exact match.
If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com.
Organization
The exact legal name of your organization. Do not abbreviate your organization name.
GeoTrust
Organization Unit
Section of the organization
Marketing
City or Locality
The city where your organization is legally located.
Wellesley Hills
State or Province
The state or province where your organization is legally located. Can not be abbreviated.
Massachusetts
Country
The two-letter ISO abbreviation for your country.
US
openssl req -noout -text -in domainname.csr