Creating a Certificate Signing Request:
Install OpenSSL if it is not already on the server, and make sure it is in your PATH.
Create an RSA key for your Apache server:
cd to the /apacheserverroot/conf/ssl.key directory (ssl.key is the default key directory). If you have a different setting, cd to your server's private key directory.
Type the following command to generate a key pair:
openssl genrsa -rand /var/log/apache-ssl/error.log:/var/log/mail.log:/var/log/kern.log:/var/log/mysql/mysql.log:/var/log/messages 1024 > yourcertificate.key
* Note: In this example some system logs have been used as seeds.
Create a backup file!
*Make a copy of the private key file (yourcertificate.key) generated in step 3 and store it in a safe place!* The private key file should begin with
-----BEGIN RSA PRIVATE KEY-----
and end in
-----END RSA PRIVATE KEY-----
Type the following command to create a CSR with the server RSA private key (the output will be PEM formatted):
openssl req -new -key ./yourcertificate.key > yourcertificate.csr
When creating a CSR you must follow these conventions.
Enter the information to be displayed in the certificate.
The following characters are not accepted: < > ~ ! @ # $ % ^ * / ( ) ?.,&
Wildcard certificates must start with the characters "*."
Do not enter extra attributes at the prompt.
Warning: Leave the challenge password blank (press <enter>)
* Note: If you would like to verify the contents of the CSR, use the following command:
openssl req -noout -text -in yourcertificate.csr
Submit your CSR to IPSCA.
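The checks described above (key file header, blank challenge password, wildcard name) can be run mechanically before submission. The script below is an added example, not part of the original instructions or any IPSCA tooling; the function names and the script name check_csr.sh are hypothetical, and it assumes the wildcard rule applies to the CSR's common name.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Usage: sh check_csr.sh yourcertificate.key yourcertificate.csr

# Key parses without a passphrase and is consistent. OpenSSL 3.x genrsa
# writes "BEGIN PRIVATE KEY" (PKCS#8) unless -traditional is given.
key_ok() {
    head -n 1 "$1" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----' &&
        openssl rsa -in "$1" -passin pass: -check -noout >/dev/null 2>&1
}

# The CSR carries the public half of this private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl rsa -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Common name from the CSR subject (assumed to hold the certificate name).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# A name containing "*" must start with "*." and have no second asterisk.
wildcard_cn_ok() {
    case $1 in
        '*.'*'*'*) return 1 ;;
        '*.'?*)    return 0 ;;
        *'*'*)     return 1 ;;
        *)         return 0 ;;
    esac
}

# The challenge password prompt was left blank (no such attribute in the CSR).
csr_no_challenge() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    ! printf '%s\n' "$text" | grep -qi 'challengePassword'
}

if [ "$#" -eq 2 ]; then
    rc=0
    key_ok "$1"                     || { echo "FAIL: private key"; rc=1; }
    csr_matches_key "$2" "$1"       || { echo "FAIL: CSR does not match key"; rc=1; }
    wildcard_cn_ok "$(csr_cn "$2")" || { echo "FAIL: wildcard name"; rc=1; }
    csr_no_challenge "$2"           || { echo "FAIL: challenge password set"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ready to submit"
    exit "$rc"
fi
```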