CSR generating procedure differs depending on server software. We provide a guide to CSR generating for the most popular Apache web-server. In case you are using other server software please consult with your server administrator or hosting provider.
For private key and CSR generating an OpenSSL utility is used. This utility usually comes with Apache server.
- Enter the following command in the server command line:
openssl req -new -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr
- Specify necessary information for the CSR.
- all information should be entered in English;
- the following characters are not allowed: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
|Parameter ||Explanation ||Example
Two-letter country ISO-code
|State or Province Name
|State or province of the comnapny registration.
||City of the compan registration.
|Complete legal name of the company.
|Organizational Unit Name
|Name of the organuzational unit.
||Fully Qualifed Domain Name for which a certificate is issued. Important! Please check your common name during the enrollment process to ensure it is correct. A Common name is a domain name listed with or without a host (i.e. either just mydomain.com or www.mydomain.com or secure.mydomain.com). If a host name is required, ensure it is in the CSR. After your certificate has been issued, changing the common name would require a reissue, which will mean generating a new Private Key and CSR pair off the web server and then going through the online process again.
|Do not fill
|A challenge password
|Do not fill
|An optional company name
||Do not fill
- Check the CSR for validity by the following command:
openssl req -noout -text -in www.mydomain.com.csr
If the CSR is valid the command will produce the output like the following:
Version: 0 (0x0)
Subject: C=ru, ST=ddd, L=fff, O=ddd, OU=ss, CN=www.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
CSR now is generated and stored in www.mydomain.com.csr file. Your private key is stored in www.mydomain.com.key. The most important thing you can do to protect your certificate and the security of your website is to backup your private key!
You may also use a free Windows OpenSSL client which will allow you to generate CSR and private key right in the windows environment without any need to use server command line. This client may be downloaded here: http://www.slproweb.com/products/Win32OpenSSL.html. Install it on your local computer and youк generated CSR and private key will also be stored localy.
After your CSR is generated and certificate is issued you may install certificate on your server.