Author name: ssl

Mac OS Keychain Access Generating a Certificate Signing Request in Keychain Under Keychain Access menu, find Certificate Assistant menu, highlight with your cursor, and then click Request a Certificate from a Certificate Authority. Enter the common name and email address in the Certificate Assistant window. For SSL certificates, the Common Name must be the domain name for your website. Only enter one domain name, even if you are generating a multi-domain SSL certificate. Do not input CA Email Address, instead select Saved to Disk to designate a location on your Mac for the CSR text file to be saved. Select the preferred key size – the industry standard for SSL certificates is 2048 bits. Then, click Continue. Locate the CSR file that was saved and right-click to open with TextEdit. You will copy and paste all the text from this file including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the CSR field on your order generation form on your account.   There is no further action needed in Certificate Assistant from this point, so if there are further options, you can simply exist the Assistant window. After completing the Generation step, the Validation process will begin. Check out our SSL Validation guides for more information on what is required to complete validation for your SSL certificate. Where Is the Private Key? To locate the private key in Keychain, search the CSR common name in All Items in the Login keychain. There should be a public key (the CSR) and a private key matching the common name you entered when generating the CSR. Make sure to never share or delete this private key, as you will need this file when you are ready to install the SSL certificate on your web server.

How to Generate a CSR on Webmin Server The following instructions will guide you through the CSR generation process on Webmin. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions for Webmin and disregard the steps below. Log in Log in to the Webmin interface through your browser. Navigate to the Terminal In the left pane, click on the Terminal symbol or press Alt+K Paste the OpenSSL Command Now the Terminal screen will pop up on your screen. You’ll need to paste in the below OpenSSL command to generate the CSR as well as the Private Key. Note: Don’t paste the command below verbatim. Make sure to adjust the bold part of the command according to your domain. detasudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/ssl/yourdomainname.com.key -out /etc/ssl/yourdomainname.com.csr -subj /C=US/ST=Florida/L=Saint Petersburg/O=Rapid Web Services/OU=Support/CN=yourdomainname; cat /etc/ssl/yourdomainname.csr /etc/ssl/example.com.key: Path C: 2-digit country code ST: Write the full name of the state. For example, Florida. L: Write the full name of the city. For example, New York O:Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must write the legal name of your organization. OU:Name of the department (e.g., Marketing Department) CN: yourdomaninname.com or yourdomainname.com. Include an asterisk if you’re planning to use a Wildcard SSL certificate (for example: *.yourdomainname.com) Now the CSR will be generated. Copy the contents starting from —–BEGIN CERTIFICATE REQUEST—— and ending with —–END CERTIFICATE REQUEST—–. Paste it into a text editor such as Notepad.

How to Generate a CSR for Web Host Manager (WHM) The following instructions will guide you through the CSR generation process on Web Host Manager (WHM). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to WHM This can typically be accessed by going to https://domain.com:2087. Note: You may encounter error message “Your connection is not private” or something similar when attempting to visit your WHM login page. This is caused due to your login page using a self-signed certificate by default. Please disregard this and proceed past the error message.   Enter your Username/Password and click Log in.   Navigate to the SSL/TLS Manager View your WHM Home page.   Select SSL/TLS Click the SSL/TLS button.   Select Generate an SSL Certificate and Signing Request In your SSL/TLS Manager page, click Generate an SSL Certificate and Signing Request.   Fill out the Request Form and click Create Note 1: We do not recommend sending the private key via email over an insecure channel. Note 2: By default, WHM will automatically generate the corresponding private key if “2,048 bits (Recommended)” is selected as the Key Size. If you already have a private key created that you wish to use, select the Key Size dropdown and select the appropriate option. Note 3: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article.   Generate your order Congratulations, you have created a CSR and automatically saved it in your user directory.   Click into the Signing Request text box that’s presented after generation, and copy all if the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—–   Return to the Generation Form back on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Web Host Manager (WHM).

How to Generate a CSR for Tomcat The following instructions will guide you through the CSR generation process on Tomcat. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Navigate to the Directory The Directory is where you will manage the certificate. Enter key generation command Generate a keystore and private key by running the following command: keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_domain_name.jks Note: Replace “your_domain_name” with the primary domain you will be securing with the certificate. Create the keystore Enter a keystore password. Enter your Organization Information. Note: When prompted to enter your First and Last Name, input your “domain name” instead of your personal name. Enter y or yes when prompted only if all information is correct. Enter your keystore password and press Enter. Your keystore has been created in the current directory. Run the CSR command From the newly created keystore, generate your CSR by running the following keytool command: keytool -certreq -alias server -file csr.txt -keystore your_domain_name.jks Enter your keystore password and press Enter. Your CSR has been created in the current directory. Generate the order Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Tomcat.

How to Generate a CSR for Plesk 10 The following instructions will guide you through the CSR generation process on Plesk v.10. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to Parallels Plesk Panel Select Hosting Services and click Domains. Click Control Panel next to the domain the request is for. Navigate to “SSL Certificates” Select Websites & Domains and click SSL Certificates. Note: For securing multiple domains, click Manage next to the appropriate domains before proceeding to Step 3. Add SSL Certificate and enter friendly name Enter a Certificate Name which is a friendly name for your internal reference only; it’s not a part of your actual SSL certificate. Note: A good naming format is “Domain Name (Years of Validity)”, which helps you easily identify the certificate in your control panel and when it expires. Select bit size and country Select a Bit Size of 2048 (recommend) or higher. Select your Country. Enter in the following CSR details Country:The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. State or Province: The state or province where your organization is legally incorporated. Do not abbreviate. Location: The locality or city where your organization is legally incorporated. Do not abbreviate. Organization Name:The full legal name of your organization including the corporate identifier. Department: Your department such as ‘Information Technology’ or ‘Website Security.’ Domain Name:The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Email Address:The email address of the certificate requestor or site admin. Click Request to create the CSR Under SSL Certificates, click the Certificate Name you choose to view the CSR. Generate the Order Copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Plesk v10.

How to Generate a CSR for Odin (Plesk v.11, 12, & 12.5) The following instructions will guide you through the CSR generation process on Odin (Plesk v.11, 12, & 12.5). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to Odin This can typically be accessed by going to https://domain.com:8443. Enter your Username/Password and click Log in. Navigate to “Websites & Domains” In the Power User View, click Websites & Domains in the top navigation menu. Navigate to the correct Domain Name by scrolling down and click Show More. Select Secure Your Sites Select Add SSL Certificate Enter a friendly name Enter a Certificate Name which is a friendly name for your internal reference only; it’s not a part of your actual SSL certificate. Note: A good naming format is “Domain Name (Years of Validity)”, which helps you easily identify the certificate in your control panel and when it expires. Request CSR Scroll down and enter the remaining CSR details and then click Request. Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Collect CSR Click View Certificate to view your CSR or select the green down arrow to download the file in a text editor such as Notepad. Generate the order Copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Odin (Plesk v.11, 12, & 12.5).

How to Generate a CSR for Nginx (OpenSSL) The following instructions will guide you through the CSR generation process on Nginx (OpenSSL). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to your server’s terminal. You will want to log in via Secure Shell (SSH). Enter CSR and Private Key command Generate a private key and CSR by running the following command: Here is the plain text version to copy and paste into your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr Note: Replace “server ” with the domain name you intend to secure. Enter your CSR details Enter the following CSR details when prompted: Common Name:The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization:The full legal name of your organization including the corporate identifier. Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province: The state or province where your organization is legally incorporated. Do not abbreviate. Country:The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair. Generate the order Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Note 1: Your CSR should be saved in the same user directory that you SSH into unless otherwise specified by you. Note 2: We recommend saving or backing up your newly generate “.key ” file as this will be required later during the installation process. Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Nginx using OpenSSL.

How to Generate a CSR for Microsoft Office Communications 2007 The following instructions will guide you through the CSR generation process on Microsoft Office Communications 2007 Server. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Office Communications Server 2007 Click Start, then select Programs, then Administrative Tools, and finally Office Communications Server 2007. Navigate to “Certificates” to start the Wizard Expand the Enterprise Edition Server snap-in. Right-click the correct Server and select Certificates. Select “Create new Certificate” Select Next on the Certificate Wizard, then select Create a New Certificate, then click next again.   Select the Prepare the request now, but send it later option Then click Next.   Specify name and bit length Enter a friendly name for your Certificate, something you will be able to reference easily later. And select 2048 as your Bit Length.   Note: If you want the certificate to be exportable, make sure to select that option on this screen. Enter your CSR details Over the next few screens of the wizard, enter the following information to complete the CSR: Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or “Website Security.” Subject Name (SN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Note: If you are dealing with a multi-domain certificate, enter your SANs on this screen as well. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. Save the CSR Select a file name and a location to save your CSR. Review your selections and close the Wizard.   Generate the order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Office Communications 2007.

How to Generate a CSR for Microsoft IIS 10 The following instructions will guide you through the CSR generation process on Microsoft IIS 10. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our IIS 10 SSL Installation Instructions and disregard the steps below. Access Server in IIS Launch IIS Manager and click the server name in the Connections menu on the left. Access Server Certificates Manager On the Home page for the server, locate the IIS section in the center window and double-click Server Certificates. The Server Certificates control panel will open in the center window. Create Certificate Request In the right-side Actionsmenu, click Create Certificate Request… The Request Certificate wizard will open in a new window. Fill out the Distinguished Name Properties: Common name: Must be a fully-qualified domain name (FQDN) like “domain.com”. Organization: Your organization’s legal name. If you do not have a company or organization, you can put another name or N/A here. Organizational unit: Your department within your organization. If you do not have an organization, put N/A. City/locality: Your city. State/province: Your state or region. This information must not be abbreviated, for example you must use “Florida” instead of “FL”. Country: Your country (select from drop-down list). Click Next when you are ready to proceed. Cryptographic Service Provider Properties On the Cryptographic Service Provider Properties page, select the following options from the drop-down menus: Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider Bit length: 2048 These are the standard options, but you may be able to select different options if needed. File Name On the File Name page, click the … box to specify a name and location to save your CSR file. The default directory is C:\Windows\System32. Click Finish when you are ready. Locate CSR on your system Navigate to the directory where you saved your CSR file and open the CSR in Notepad or your preferred text editor. Generate your SSL Certificate Return to the Generation Form on our website and paste the entire CSR into the blank text box. Then, proceed with the remainder of the order form and submit when you are ready. You should receive a vendor order ID number, and your certificate will enter the Validation process. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 10.

How to Generate a CSR for Microsoft IIS 8 The following instructions will guide you through the CSR generation process on Microsoft IIS 8. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select the server where you want to generate the certificate In the left Connections menu, select the server name (host) where you want to generate the request. Navigate to Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Select Create a New Certificate In the right Actions menu, click Create Certificate Request. Enter your CSR details In the Distinguished Name Properties window, enter in the required CSR details and then click Next. Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Select a cryptographic service provider and bit length In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next. Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 8.