IdenTrust Inc. Logo
Home | Login | Contact Us  

  
OVERVIEW DIGITAL CERTIFICATE INSTRUCTIONS FAQ LIBRARY HOW-TO DOWNLOADS
Apache + MOD SSL

Support > Generation Instructions


Creating a Certificate Signing Request (CSR) and Key

Follow the step-by-step instructions to generate a certificate signing request (CSR) and key:

  1. Install OpenSSL, if not found on server, and put in PATH.
  2. Create a RSA key for your Apache server by:
    cd to /apacheserverroot/conf/ssl.key directory. (ssl.key is the default key directory. If your have different setting, cd to your server's private key directory)
  3. Type the following commands to generate a key pair:
    $openssl genrsa -des3 -out server.key 1024
  4. Enter and verify PEM passphrase. The passphrase will be used to install the server certificate.
    Warning: If you lose the passphrase, you must purchase another certificate.
  5. Type the following commands to create a CSR with the server RSA private key (output will be PEM formatted):
    $openssl req -new -key server.key -out server.csr
  6. When creating a CSR you must follow these conventions.
    Enter the Distinguished Name Field information.
    Note: The following characters can not be accepted:
    < > ~ ! @ # $ % ^ * / \ ( ) ?
    Distinguished
    Name Field    		 Explanation Example
    Country Name The two-letter ISO abbreviation for your country US = United States
    State or Province Name The state or province where your organization is legally located. Can not be abbreviated. Utah
    City or Locality The city where your organization is legally located. Salt Lake City
    Company (Organization) Name The exact legal name of your organization. Do not abbreviate. IdenTrust Inc.
    Department Name Section of the organization Marketing
    Server Hostname The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.identrust.com/, then your CSR's Server Hostname must be www.identrust.com
    Server Admin.'s email address Your e-mail address abc@identrust.com
  7. Do not enter extra attributes at the prompt.
    Warning: Leave the challenge password blank
  8. View the details of CSR via the command:
    $ openssl req -noout -text -in server.csr
  9. Send the entire certificate request (CSR) to IdenTrust, including ----BEGIN CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST----

Key Pair Backup

  1. Backup this server.key file and remember the pass-phrase you had to enter at a secure location.
  2. View the details of the RSA private key via the command:
    $ openssl rsa -noout -text -in server.key

Back to Listing


RELATED CONTENT
Certificate Management Center
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
FAQ: ACES
FAQ: ECA
FAQ: State of Washington
PKI Basics
Certificate Security and Protection
Change Control Schedules
Support Main
Contact Support
 

FEDERAL AGENCY PROGRAMS
Department of State
D-Trade
Department of Labor
Department of Labor
Department of Treasury IRS
Secure Data Transfer
MeF Electronic Filing Certificate
General Services Administration
eOffer

STATE AGENCY PROGRAMS
Florida
JCalendar for State Court Systems
West Virginia
Department of Environmental Protection
Virginia
Department of Transportation (VDOT)
Department of Mines Minerals and Energy (DMME)
 © 2008 IdenTrust Inc. All Rights Reserved    Home | Contact Us | Legal Policies IdenTrust