About Us
Microsoft Authenticode Code Signing
Buy GeoTrust SSL Certificate
Buy RapidSSL Certificate
Buy Thawte SSL Certificate
Certs 4 Less © 2024
A 4 Less Communications, Inc. Company
Generate a Certificate Signing Request (CSR) -
IBM HTTP Server
To generate a CSR, you first need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match your private key. You will have to request a new SSL Certificate.
The CSR needs to contain the following attributes:
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Note: SSL certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
We recommend that you contact for IBM additional information.
Generate a Key Pair and CSR
Note: The recommended key bit size is 2048-bit. All certificates that will expire after December 31, 2013 must have a 2048 bit key size
Step 1: Generate a keypair
Step 1: Generate a keypair
Use the utility "openssl" to generate the key and CSR.
-
This utility comes with the OpenSSL package. You usually install it under /usr/local/ssl/bin. (If you have installed openssl elsewhere you will need to adjust these instructions appropriately).
-
Generate a private key using the following command: openssl genrsa -des3 2048 > verisign.keyNote: For Extended Validation certificates the key bit length must be 2048.
Step 2: Generate a Certificate Signing Request (CSR)
- Change directory to your SSL Certificate directory: cd /usr/local/ssl/crt
- Generate a CSR using the following command:
openssl req -new -key ./verisign.key > verisign.csr
You have just created a key pair and a CSR. - To copy and paste the information into the enrollment form, open the file verisign.csr in a text editor that does not add extra characters (Notepad or vi are recommended).
- Paste the information into the enrollment form when prompted for the CSR.
SSL Certificate Support
- SSL Certificate Support
- SSL Certificate FAQ
- EV SSL Overview
- EV SSL Requirements
- How To Create A CSR
- MS Exchange Server 2007 CSR
- MS Exchange Server 2010 CSR
- MS Exchange Server 2013 CSR
- MS SBS Server 2008 CSR
- MS Windows 2003 - IIS 6 CSR
- MS Windows 2008 - IIS 7 CSR
- MS Windows 2012 - IIS 8 CSR
- Outlook Web Access CSR
- Apache SSL CSR
- Cisco ACS 3.2 CSR
- IBM Websphere MQ CSR
- IBM HTTP Server CSR
- Lotus Domino 7.0 CSR
- Lotus Domino 8.0 CSR
- Covalent Apache ERS 2.4 CSR
- Covalent Apache ERS 3.0 CSR
- F5 BIG-IP CSR
- F5 Firepass CSR
- Mirapoint Message Server CSR
- Nortel SSL Accelerator CSR
- Oracle Wallet Manager CSR
- BEA WebLogic 6.0 CSR
- BEA WebLogic 8.1 CSR
- BEA WebLogic 10.1 CSR
- Barracuda Networks CSR
- SonicWALL SSL CSR
- cPanel WHM CSR
- Paralells Plesk Panel CSR
