May 2023

How to Generate a CSR for Media Temple (GRID) The following instructions will guide you through the CSR generation process on Media Temple (GRID). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log In Log in to Media Temple and view your Account Center. Navigate to “Domains” and select the domain you are securing Click Domains in the navigation bar and select the appropriate domain name. View your GRID Control Panel Note: The list of configuration options can vary depending on if you selected the “primary domain” under your account. For securing the Primary Domain, scroll down to Add-Ons and select SSL Certificate.      4.Select “Generate CSR” In the configuration page, scroll down to Certificate Signing Request and select Generate CSR. Fill out the Request Form and click Generate. Note 1:To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Note 2: By default, Media Temple will automatically generate the corresponding private key and store it within your Account Center. Generate the Order Congratulations, you have created a CSR and it should appear on the same page. Copy all of the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Media Temple (GRID).

How to Generate a CSR for Mac OS X El Capitan The following instructions will guide you through the CSR generation process on Mac OS X El Capitan (v.10.11). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch the Mac OS X El Capitan (v.10.11) Server App. Navigate to the server settings From the Finder window, under Favorites, select Applications and then Server.

How to Generate a CSR for LiteSpeed The following instructions will guide you through the CSR generation process on LiteSpeed. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Note: The following guide assumes that you have OpenSSL installed and feel comfortable entering command prompts. Run private key generation command Generate an RSA private key by running the following command: Openssl genrsa –out server.key 2048 Note: The text “server.key” will set the file name of your private key. You can rename this at your discretion, but make sure you leave the extension as “.key”. Run CSR generation command Generate the CSR by running the following command: Openssl req –new –key server.key –out server.csr Note: The text “server.key” should be changed to match whatever file name you specified when creating the private key in Step 1. You can rename this at your discretion, but make sure you leave the extension as “.csr”. Enter details The command will prompt you to enter in the following CSR details: Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Generate the order Congratulations, you created a CSR and it was automatically saved under the file name you specified and in the directory where you ran the command. Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for LiteSpeed.

How to Generate a CSR for Jetty Java HTTPS Servlet Web Server The following instructions will guide you through the CSR generation process on Jetty Java HTTP Servlet Web Server. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Run private key generation command Generate a keystore and private key by running the following command: keytool -genkey -alias [enter_alias_name] -keyalg RSA -keystore [enter_keystore_name] -keysize 2048 Create a password Enter a keystore password. Note: Java servers will use a default password unless you decide to change it by specifying a customer password in the server.xml configuration file. Enter the CSR details when prompted: Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Select Enter when prompted for the private key alias password. Note: This will set the private key password to the same password used for the keystore from Step 2. Please save the private key and keystore password. If lost, they cannot be retrieved and you’ll have to start over. Backup the keystore file After creating the Keyentry, by accessing the following directory and saving the file somewhere safe in case of a system crash or failure. C:\WINNT\Profiles\Administrator\.keystore Or C:\Documents and Settings\your name\.keystore Run the CSR generation command Generate a CSR off the Keyentry by running the following command: keytool -certreq -alias [alias_name] -file certreq.csr -keystore [keystore_name] Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Generate the order Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Jetty Java HTTP Servlet Web Server.

How to Generate a CSR for F5 BIG IP (version 8 and under) The following instructions will guide you through the CSR generation process on F5 BIG-IP Loadbalancer (version 8 and under). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log In Login to the BIG-IP device as the root user and run the following command: # /usr/local/bin/genconf Enter your company details Including the full legal entity name and physical address of operation. Do not abbreviate. Create the CSR Enter the following command: # /usr/local/bin/genkey www.yoursite.com Note: You will replace www.yoursite.com with the FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Copy the CSR text from the file Under /config/bigconfig/ssl.csr/ locate and open the newly created CSR file named after the FQDN you specified (i.e. www.yoursite.com.csr) in a text editor such as Notepad and copy all of the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Note: You may have to transfer the CSR to the workstation you will use to order the certificate. Generate the order Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for F5 BIG IP Loadbalancer (version 8 and under).

How to Generate a CSR for F5 BIG IP (version 9) The following instructions will guide you through the CSR generation process on F5 BIG-IP Loadbalancer (version 9). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open the F5 BIGIP Web GUI. Under Local Traffic select SSL Certificates and then Create.   Enter General Properties Under General Properties enter a certificate friendly name which will help distinguish the CSR going forward. Enter Certificate Properties Under Certificate Properties enter the following CSR details: Issuer: Select the issuing “Certificate Authority”. Common name: The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Division: Your department such as ‘Information Technology’ or ‘Website Security.’ Organization: The full legal name of your organization including the corporate identifier. Locality, State or Province, Country: City, state, and country where your organization is legally incorporated. Do not abbreviate. Email Address: Your email address. Change Password, Confirm Password: Your password. For Key Properties, select RSA& 2048. Click the Finished button. Copy the CSR text from the file Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Generate the order Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for F5 BIG IP Loadbalancer (version 9).

How to Generate a CSR for cPanel 11.x The following instructions will guide you through the CSR generation process on cPanel (Paper-Lantern Theme Modern). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log In Log in to cPanel, this can typically be accessed by going to https://domain.com:2083. Note: You may encounter error message “Your connection is not private” or something similar when attempting to visit your cPanel login page. This is caused du Enter your Username/Password and click Log in. Navigate to cPanel Home View your cPanel Home page. Note: Older versions such as X3 Theme-Classic may not look like the image above, but should still contain the same concept and category structure. Navigate to the SSL/TLS Manager Navigate to the SSL/TLS Manager page by scrolling down to the Security section and select the SSL/TLS button. Note: You can also navigate to the SSL/TLS Manager page by utilizing the Search Feature at the top right of the cPanel home page and searching “SSL”. Your SSL/TLS Manager page will allow you to manage everything related to SSL/TLS configuration for cPanel. Select Generate view, upload, or delete SSL certificate signing requests. Fill out the Request Form and click Create. Note 1: By default, cPanel will automatically generate the corresponding private key if “Generate a new 2,048 bit key” is selected as the Key option. If you already have a private key created that you wish to use, select the Key dropdown and select the appropriate option. Note 2: cPanel does not require a passphrase for your CSR, but does recommend inputting a description such as “CSR for www.google.com 9/13/2016” that helps distinguish this CSR going forward. Note 3: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Generate the order Congratulations, you have created a CSR and automatically saved it in your user directory. Click into the Encoded Certificate Signing Request text box that’s presented after generation, and copy all of the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form back on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for cPanel (Paper-Lantern Theme Modern).

How to Generate a CSR for Citrix Secure Gateway The following instructions will guide you through the CSR generation process on Citrix Secure Gateway. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Determine what version of Microsoft IIS you are running This is where the CSR generation process will take place. Please reference the table below if you do not know what version of IIS you are running. Your Operating System IIS Version Windows Server 2003 6 Windows Vista and Windows Server 2008 7 Windows 7 and Windows Server 2008 R2 7.5 Windows 8 and Windows Server 2012 8 Source: https://support.microsoft.com/en-us/kb/224609 Select IIS CSR Generation Instructions Upon determining what version of IIS you are running, select the appropriate set of CSR Generation instructions below: Microsoft IIS 6.x Microsoft IIS 7.x Microsoft IIS 8.x Upon generating the CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Citrix Secure Gateway.

How to Generate a CSR for Apache Web Server Using OpenSSL The following instructions will guide you through the CSR generation process on Apache OpenSSL. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log In Log in to your server’s terminal via Secure Shell (SSH). Run CSR Generation Command Generate a private key and CSR by running the following command:Here is the plain text version to copy and paste into your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr Note: Replace “server” with the domain name you intend to secure. Enter your Information Enter the following CSR details when prompted: Common Name:The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization:The full legal name of your organization including the corporate identifier. Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province: The state or province where your organization is legally incorporated. Do not abbreviate. Country:The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair. Copy the CSR text from the file Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Note 1: Your CSR should be saved in the same user directory that you SSH into unless otherwise specified by you. Note 2: We recommend saving or backing up your newly generate “.key” file as this will be required later during the installation process. Generate the order Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Apache OpenSSL.

How to Generate a CSR for Amazon EC2 (AWS) To learn more about CSRs and the importance of your private key, reference our Certificate Signing Request (CSR) Overview article. If you already generated the CSR and received your trusted SSL certificate and need help with installation, reference our Amazon EC2 server SSL Installation Instructions. To create a CSR on your Amazon EC2 server, you will use OpenSSL commands within your EC2 instance. Connect to your EC2 Instance For instructions on how to connect to your instance, check Amazon’s guide here. Once connected, navigate to your server’s private key store via /etc/pki/tls/private/. Generate New Private Key To create a new 2048-bit RSA private key, run the following command: [ec2-user ~]$ sudo openssl genrsa -out custom.key Create the CSR from the key After generating the private key, run the following command to create the CSR: [ec2-user ~]$ sudo openssl req -new -key custom.key -out csr.pem OpenSSL will then open a new window for filling out the certificate request. The following fields are required: Country: 2-letter ISO abbreviation for your country. State/Province: The name of the state, province, or region within your country where your organization is located. Do not abbreviate this name. Locality: The city or locality where you are located. Organization Name: The full legal name of your organization. (For non-organization certificates, you can fill this field with any relevant info, such as your domain name, or N/A) Common Name: The domain name or public IP address to be secured by the SSL certificate, i.e. domain.com. For a single-domain wildcard SSL certificate, the domain should be formatted like *.domain.com. The organization unit and email address fields are typically not required in your CSR. CSR Challenge Phrase OpenSSL may prompt you to set a challenge phrase or password on the CSR. We do not recommend setting a challenge phrase. Check the CSR Output The CSR will finally be generated as a .pem type file, which can be opened in a text editor like Notepad. You can open this file and copy and paste the full code, including the —–BEGIN CERTIFICATE REQUEST—– header and —–END CERTIFICATE REQUEST—– footer, into your SSL order generation form. Validation and Installation After you have received your CSR, and have enrolled your order, your certificate will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed to the next step using our SSL Installation Instructions for Amazon EC2 (AWS).