Author name: ssl

How to Generate a CSR for Microsoft IIS 7 The following instructions will guide you through the CSR generation process on Microsoft IIS 7. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select the server where you want to generate the certificate In the left Connections menu, select the server name (host) where you want to generate the request. Navigate to Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Select Create a New Certificate In the right Actions menu, click Create Certificate Request. Enter your CSR details In the Distinguished Name Properties window, enter in the required CSR details and then click Next. Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Select a cryptographic service provider and bit length In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next. Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish. Generate the order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 7.

How to Generate a CSR for Microsoft IIS 5 & 6 The following instructions will guide you through the CSR generation process on Microsoft IIS 5 & 6. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Navigate to Website Properties In the left menu, click + next to your local computer and then Web Sites. Right-click the website (i.e. Default Web Site) that you want to protect and click Properties. In Directory Security, select Server Certificates In the Default Web Site Properties window, select the Directory Security tab, click Server Certificate…, and then Next. Select Create a New Certificate Then click Next. Note: For renewing an existing SSL Certificate, select “Renew, Remove, or Replace your certificate” and skip to Step 7. Select Prepare request now, but send it later Then click Next. Enter a Friendly Name Enter a friendly name for your certificate, select a Bit Length of 2048, and click Next, without checking the boxes. Note: Please name the certificate something you can easily recognize in the future. This will only be an internal reference name and will not be part of your SSL certificate. Follow the wizard to enter in your organization and website information Enter your legally incorporated Organization Name and Organizational Unit such as “IT Security” and click Next. Enter your Common Name which will be the FQDN (fully qualified domain name) on your SSL certificate. Note: For Wildcard Certificates, you must add the asterisk symbol in the left furthest sub-domain (i.e. *.domainname.com) which is what enables an unlimited number of coverage at that specific level. Select the Geographic Location for your company and click Next. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Next. Finish Review the Request File Summary and if changes are required, click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you com.plete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 5 & 6.

How to Generate a CSR for Microsoft Exchange 2016 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2016. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our Exchange 2016 SSL Installation Instructions and disregard the steps below. Login to Exchange Admin Center (EAC) Use a web browser to navigate to the URL of your server, i.e. https://localhost/ecp On the EAC login page, enter your domain or username and password and sign in. Navigate to “Certificates” In EAC, on the left-hand sidebar menu, click Servers, then on the menu on top of the page, click Certificates. On Certificates page, use the Select server menu to pick your Exchange 2016 server, then click the + symbol. Create New Request In  the new Exchange certificate wizard, select Create a request for a certificate from a certification authority, then click Next. Enter Friendly Name Type a Friendly name for this certificate. The friendly name is used to distinguish the certificate from other certificates with the same domain name and is not included in the certificate file. It’s recommended to include the date and certificate issuer in the friendly name so it can be easily identified. Indicate if certificate is Wildcard If you are not creating a CSR for a Wildcard SSL certificate, click next. If you are creating a Wildcard SSL CSR, check Request a wildcard certificate. The Root domain should then follow the wildcard format, e.g. *.domain.com Select which server to save request onto Store the certificate request on this server: click Browse and select the server where the certificate request should be stored. Click next. Specify Domains Select domains to include on the SSL certificate: If you are creating a wildcard SSL CSR, skip this step and click Next. Select the domains you want included on your SSL certificate. IMPORTANT: Adding additional domains on your CSR will not automatically include them on the certificate! You must list the domains on your SSL order form during the online generation step as well. Click next and the wizard will populate a list with suggested domains. You do not need to edit the list of domains on this page, it can be edited on the next page. On the next page, you may add, edit, remove, or select the domains to be included on the SSL certificate. Then click Next. Enter the CSR details Specify information about your organization: Organization name: Type your company’s registered name. If there is no associated company, type your domain, or type None. Department name: Type your department, if applicable. City/locality: Type the city/locality where you are located. State/province: Type the state, province, or region where you are located. Do not use abbreviations. Country: Select your country from the drop-down menu. Save the CSR Save the certificate request to the following file: enter a UNC path to save your CSR. You must be able to access this location to retrieve your CSR. Click Finish to save the CSR to the specified UNC path. Generate the Order Open the CSR file in a text editor (Notepad). Copy the full text block, including —–BEGIN NEW CERTIFICATE REQUEST—– header and —–END NEW CERTIFICATE REQUEST—– footer. Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our SSL validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2016.

How to Generate a CSR for Microsoft Exchange 2013 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2013. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to Exchange Admin Center This can typically be accessed by going to https://localhost/ecp. Enter your Domain/Username and Password and click Sign in. Navigate to “Certificates” Click on Servers in the left menu, then select Certificates at the top right, then the + icon. Create new Request In the New Exchange Certificate wizard, select Create a request for a certificate from a Certificate Authority and then click Next. Enter a Friendly Name Enter a Friendly Name that will help you distinguish the request in the future and click Next. Note: This is only for your internal reference and not a part of the actual SSL Certificate. Indicate if certificate is Wildcard Select the check box ONLY if you are using a Wildcard Certificate (*.yourdomain.com) and if so, just enter the root domain of your certificate such as “yourdomain.com”. If not, proceed accordingly to the next screen/step. Select which server to save request onto Click Browse to select which server you want to save the request on and click Next. Specify Domains Select the Services or domains you want to include in your certificate and click Next. You can highlight the list of services or additional domains by using Ctrl+Click. Note: You can skip this step if you are using a Wildcard Certificate. Review the list of names that Exchange 2013 recommends using in your CSR and click Next. You can add, edit, or delete the names by using the +, – features provided. Enter the CSR details Then click Next. Note: To avoid the common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Save the CSR Enter the directory or path where you want to save the CSR as a “.req” file and click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2013.

How to Generate a CSR for Microsoft Exchange 2010 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2010. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch Exchange Launch Microsoft Exchange 2010 from your programs and select Exchange Management Console. Navigate to “New Exchange Certificate” Select Manage Databases on the right hand side. Select Server Configurations in the left side menu. Select New Exchange Certificate in the right side menu. Enter a Friendly Name Enter a Friendly Name when prompted in the opened window. Note: Please name the file something you can easily recognize in the future. This will only be an internal reference name and will not be part of your SSL certificate. Indicate if certificate is Wildcard In the Domain Scope menu, select the check box ONLY if you are using a Wildcard Certificate (*.yourdomain.com) and if so, skip to Step 6. If not, proceed accordingly to the next screen/step. Specify Domain Names In the Exchange Configuration menu, click the Service Options that you plan on securing and specify the Domain Name for each service. Note: The next screen will suggest names for you. You can remove them if you like by right clicking on them. Enter in the CSR Details Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or “Website Security.” Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.reg” file and click Save. Enter a friendly name to distinguish the request in the future. Click Next, New, and then Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2010.

How to Generate a CSR for Microsoft Exchange 2007 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2007. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch Exchange Launch Microsoft Exchange 2007 from your programs and select Exchange Management Shell. Enter CSR command Copy and paste the below command in a text editor such as Notepad. New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\YourCSRName.txt -SubjectName “c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com” -DomainName SubjectAlternativeName1.com, SubjectAlternativeName2.com -PrivateKeyExportable:$true Edit your CSR details in Notepad -Path c:\YourCSRFileName.txt: The file path where you want to save the CSR as a “.txt” file. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Organization Name (O):The full legal name of your organization including the corporate identifier. Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Domain Name (DN):Use a comma(s) to separate any additional domains (Subject Alternative Name) from your primary domain name (Common Name) that you wish to secure under the same SSL certificate; if necessary. PrivateKeyExportable:$true: Leave this command marked as “$true” if you want to export the key pair and move the SSL certificate to another computer or device. Enter CSR into Exchange Management Shell Copy and paste the edited CSR details into the Exchange Management Shell utility, and press Enter. A Thumbprint should appear if the CSR was successfully created. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2007.

How to Generate a CSR for Media Temple (GRID) The following instructions will guide you through the CSR generation process on Media Temple (GRID). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log In Log in to Media Temple and view your Account Center. Navigate to “Domains” and select the domain you are securing Click Domains in the navigation bar and select the appropriate domain name. View your GRID Control Panel Note: The list of configuration options can vary depending on if you selected the “primary domain” under your account. For securing the Primary Domain, scroll down to Add-Ons and select SSL Certificate.      4.Select “Generate CSR” In the configuration page, scroll down to Certificate Signing Request and select Generate CSR. Fill out the Request Form and click Generate. Note 1:To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Note 2: By default, Media Temple will automatically generate the corresponding private key and store it within your Account Center. Generate the Order Congratulations, you have created a CSR and it should appear on the same page. Copy all of the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Media Temple (GRID).

How to Generate a CSR for Mac OS X El Capitan The following instructions will guide you through the CSR generation process on Mac OS X El Capitan (v.10.11). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch the Mac OS X El Capitan (v.10.11) Server App. Navigate to the server settings From the Finder window, under Favorites, select Applications and then Server.

How to Generate a CSR for LiteSpeed The following instructions will guide you through the CSR generation process on LiteSpeed. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Note: The following guide assumes that you have OpenSSL installed and feel comfortable entering command prompts. Run private key generation command Generate an RSA private key by running the following command: Openssl genrsa –out server.key 2048 Note: The text “server.key” will set the file name of your private key. You can rename this at your discretion, but make sure you leave the extension as “.key”. Run CSR generation command Generate the CSR by running the following command: Openssl req –new –key server.key –out server.csr Note: The text “server.key” should be changed to match whatever file name you specified when creating the private key in Step 1. You can rename this at your discretion, but make sure you leave the extension as “.csr”. Enter details The command will prompt you to enter in the following CSR details: Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Generate the order Congratulations, you created a CSR and it was automatically saved under the file name you specified and in the directory where you ran the command. Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for LiteSpeed.

How to Generate a CSR for Jetty Java HTTPS Servlet Web Server The following instructions will guide you through the CSR generation process on Jetty Java HTTP Servlet Web Server. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Run private key generation command Generate a keystore and private key by running the following command: keytool -genkey -alias [enter_alias_name] -keyalg RSA -keystore [enter_keystore_name] -keysize 2048 Create a password Enter a keystore password. Note: Java servers will use a default password unless you decide to change it by specifying a customer password in the server.xml configuration file. Enter the CSR details when prompted: Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Select Enter when prompted for the private key alias password. Note: This will set the private key password to the same password used for the keystore from Step 2. Please save the private key and keystore password. If lost, they cannot be retrieved and you’ll have to start over. Backup the keystore file After creating the Keyentry, by accessing the following directory and saving the file somewhere safe in case of a system crash or failure. C:\WINNT\Profiles\Administrator\.keystore Or C:\Documents and Settings\your name\.keystore Run the CSR generation command Generate a CSR off the Keyentry by running the following command: keytool -certreq -alias [alias_name] -file certreq.csr -keystore [keystore_name] Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Generate the order Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Jetty Java HTTP Servlet Web Server.