== Apache 2.x
- cd /usr/bin/ (/your path to openssl/)
Enter a passphrase when prompted to. - openssl genrsa -des3 -out <name of your certificate>.key 1024
- openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr
== Netscape Enterprise Server 6.1
CSR-Generation Instructions
Before requesting an SSL certificate, you must create a trust database. When you create the trust database, you specify a password that will be used for a key-pair file. You will also need this password to start a server using encrypted communications. In the trust database you create and store the public and private keys, referred to as your key-pair file. The key-pair file is used for SSL encryption. You will use the key-pair file when you request and install your server certificate. The certificate is stored in the trust database after installation. The key-pair file is stored encrypted in the following directory:
server_root/alias/<serverid-hostname>-key3.db.
Creating a Trust Database
To create a trust database, perform the following steps:</>
- Go to "Administer Enterprise Server."
- Click on the "Security" tab
- Click on the "Create Database" link.
- Enter a password for the database.
- Repeat.
- Click "OK."
After creating a certificate trust database for your server, you can request a certificate and submit it to a Certification Authority (CA).
Generating CSR
- Go to "Administer Enterprise Server."
- Click on the "Security" tab
- Click "Request a Certificate."
- In the certificate-request form specify that this is a new certificate.
- Select CA URL (enter anything in the box).
- Select the alias and type in the password that you generated in the key-pair file.
- Type in the Distinguished Name field information:
- Common Name (the URL to which you wish to apply the requested certificate).
If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.domainnamegoes.com" or "www*.domainnamegoeshere.com"). This will secure all subdomains of the Common Name.
Note: An SSL certificate only secures the exact fully-qualified domain entered as the Common Name in your certificate signing request. Thus, if your certificate secures "www.domainnamegoeshere.com," it will not secure the domain "domainnamegoeshere.com." If you need to secure both domains you must request an SSL certificate for each of them. - E-Mail Address.
- Organization.
- Organization Unit.
- City/Locality — Please spell out city/locality name. Do not abbreviate.
- State/Province — Please spell out state/province name. Do not abbreviate..
- Country Code &# 8212 The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
- Common Name (the URL to which you wish to apply the requested certificate).
- Review the information and click "OK."
- Using a plain-text editor cut/copy and paste the generated CSR into the applicable field in our online enrollment form.
== Exchange Server 2007
CSR Generation for Microsoft Exchange 2007 and Live Communications Servers
When generating a UCC CSR, there is a certain amount of specific unique information you must provide, including country, city, state, company name, and the additional domains that you want included in the resulting UCC certificate. The following is an example of the command you would enter, using the Exchange Manage Shell utility :
New-ExchangeCertificate -generaterequest -subjectname "c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com" -domainname CAS01,CAS01.exchange.corp.contoso.com,exchange.contoso.com,autodiscover.contoso.com -PrivateKeyExportable $true -path c:\certrequest.txt
where :
- c = Your country of residence
- l = Your locality or city
- s = Your state
- o = Your corporation name
- cn = The first/main domain representing your SSL certificate
- -domain = The comma-separated list of additional domains that will be included in your certificate
- -PrivateKeyExportable $true = If you have to export a copy of the requested certificate to import it to a client computer or another server computer, you must use the -privatekeyexportable:$true parameter when you create the request
- -path c:\certrequest.txt = The complete path and filename where the resulting CSR file will be placed when generated
===================================