Creating a CSR and PK

Content V1 — Wed, 13 Oct 2004 12:00:00 GMT

Creating a Certificate Signing Request and Private Key

In order to obtain a signed Digital Certificate, you must create a Certificate Signing Request, or CSR. At the same time your
CSR is created, you will also generate a Private Key. The CSR is used by the Signing Authority to create a Signed Digital
Certificate which works with your Private Key to provide secure access to your Web site.

There is some information that you will need to gather before generating the CSR and Private Key. This information is
required as part of the CSR, and must be entered exactly as you want them to appear in your certificate.

PEM Passphrase

This is a security phrase which, like a password, ensures that only you can use your digital certificate. Be sure to
use a phrase which you can easily remember but which is not easily guessed. You will need to enter the passphrase in the
future to install your signed certificate.

Company Location

You will need to know the country, province or state, and city where you want the certificate to display as your
company location.

Company Contact Information

This includes the complete company or organization name, and the organizational unit or department (if
applicable).

Your Domain Name

You will need to determine the exact domain name that you want to use to access your Web site securely.

Contact E-mail Address

The contact E-mail address that you want to have the Signing Authority use when corresponding with you.

Extra Information

This is additional information that is not required, but may be useful. It includes a challenge password, which some
Signing Authorities use to allow you access to your certificate and which they may require when interacting with
them. You can also enter additional company information.

Once you have all the information ready to enter, connect to you Virtual Private Server via
SSH or Telnet and run the following command.

% openssl req -new

You will be asked to provide the information you gathered earlier. Most of the questions are self explanatory, except that
common name refers to the domain name that you want to use when accessing your site using SSL (ie domain.com or
www.domain.com or cname.domain.com or *.domain.com).

When you have entered all the data, your CSR will be shown. It is a good idea to save the CSR by copying and pasting it into
a file on your local computer. You will need it when you are ordering your SSL certificate from the Signing Authority's Web
site. The following is an example of a CSR. Note that the CSR includes the lines with BEGIN CERTIFICATE REQUEST
and END CERTIFICATE REQUEST.

In the directory where you were when you ran the openssl command, you will also find a new file called
privkey.pm. This is your private key, which you will need at a later time. The following is an example of a private key.
Note that the lines containing BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY are part of the key.

Once you have your CSR and Private Key, the next step is to Obtain
your signed Digital Certificate.

viaVerio :: Creating a CSR and PK

Creating a CSR and PK

Creating a Certificate Signing Request and Private Key

PEM Passphrase

Company Location

Company Contact Information

Your Domain Name

Contact E-mail Address

Extra Information