How to Generate a WildCard SSL Certificate Signing Request (CSR) for Apache + Mod SSL + OpenSSL


Understand CSR Generation Process for Wildcard SSL Certificate on Apache + Mod SSL + OpenSSL

Due to the vast number of emails, calls and live chat requests being received from SSL users on a daily basis regarding Certificate Signing Request (CSR) generation, which is required in order to obtain a certificate from Certificate Authorities (CA), we have compiled this guide.

In this guide, we will specifically address the process of obtaining a Certificate Signing Request for Apache + Mod SSL + OpenSSL servers. Here we have included the easy and quick steps of CSR generation from the major Certificate Authorities (CAs) on the web.

To create a CSR, the user needs two types of keys, known as the private key and the public key. For the CSR to actually be generated, and before any certificate is installed on the server, all keys, the password and the certificate must contain the same information.

The following is a step-by-step guide to WildCard SSL CSR generation from RapidSSLonline.com, which is a leading SSL Certificate provider and Platinum Partner of leading CAs such as Symantec, GeoTrust, Thawte, and RapidSSL.

Step 1: Creation of the Private Key

The OpenSSL utility is used to generate both the private key and the CSR. It comes standard with any OpenSSL package and should be installed at the following path:

/usr/local/ssl/bin

If the OpenSSL utility package is installed on a different path, adjust the commands below to use that installation path.

Enter the following command at the prompt:

openssl genrsa -des3 -out www.myhostname.com.key 2048

The above command generates a 2048-bit RSA private key and stores it in the file www.myhostname.com.key.

Key Note: All SSL Certificate CSRs must have a 2048-bit key length.

IMPORTANT: When prompted for the password, be sure to enter a secure password that can also be remembered. This password will not only protect the private key but will be essential to the secure certificate as well. That being said, a password that cannot be recalled is about as useless as any bad or insecure password (e.g. 1234321, PASSWORD) out there.

Key Note: To bypass the passphrase requirement, omit the -des3 option when generating the private key. However, if you choose to leave the private key unprotected, Symantec recommends access to the server be heavily restricted so that only authorized server administrators can access or read the private key file.

Step 2: Generation of the CSR (Certificate Signing Request)

Enter the following command at the prompt:

openssl req -new -key www.myhostname.com.key -out certrequest.csr

Key Note: If you are using OpenSSL on a Windows server you may be able to use the following direct path to reach “openssl.cnf”:

openssl req -new -key www.myhostname.com.key -config "c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -out certrequest.csr

You must now enter the mandatory information of the organization in order to create the CSR. The following is a basic overview of each requirement.

Certificate Signing Request or CSR Guide for Wildcard SSL Certificate

  • First, go to the Start menu and open the Internet Information Services (IIS) Manager.
  • In the Connections column on the left, double-click on Server Certificates.
  • In the Actions column on the right-hand side, double-click on Create Certificate Request.
  • Enter all your company information in the Request Certificate window and click Next.
  • Leave the default Cryptographic Service Provider as it is and change the bit length to 2048 bit or higher. Click Next.
  • Save the certificate request by browsing to a file name and click Finish.

Country Name: Enter the two-letter code of the respective country, without punctuation (e.g. US, UK).

State or Province: Enter the complete state name; do not abbreviate or shorten it (e.g. New York, not NY).

Locality or City: The Locality field is the city or town name; again, do not abbreviate (e.g. Saint Petersburg, not St. Petersburg).

Company: If the company or organization name includes a symbol such as &, @, or *, the symbol must be spelled out (e.g. AB & C Corporation would be AB and C Corporation).

Organizational Unit: This field is optional but, if provided, this information will serve as additional authentication for obtaining the certificate from the CA. But if you prefer to skip this step, simply press enter on the keyboard.

Common Name: The Common Name is the Host + Domain Name. The information provided here will look much like something along the lines of “*.company.com”.

Key Note: Do not try to add an email address, challenge password or an optional company name when generating the CSR.

At this point, you will have successfully generated both your private and public keys. The private key (www.myhostname.com.key) is stored locally on the server and is used for decryption. The public key, in the form of a WildCard SSL Certificate Signing Request (certrequest.csr), is used for certificate enrollment.

To copy and paste the information into the enrollment form, open the file in a text editor such as Notepad or Vi and save it as a .txt file. Do not use Microsoft Word as it will insert extra hidden characters that will alter the contents of the CSR rendering it useless.
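Steps 1 and 2 can also be run without the interactive prompts and then checked before the CSR is submitted. The following is an added example, not part of the original guide: the subject values (Example Company, *.company.com), the config file name csr.cnf and the helper names make_wildcard_csr and check_csr are assumptions, and -des3 is omitted as described in the Key Note, so the key is written unencrypted with owner-only permissions.

```shell
#!/bin/sh
# Added example: wildcard key + CSR without prompts, followed by sanity checks.
# Subject values are constructed; file names follow the guide.

make_wildcard_csr() {   # usage: make_wildcard_csr <dir> <domain>
    dir=$1; domain=$2
    key="$dir/www.myhostname.com.key"; csr="$dir/certrequest.csr"
    # Only the fields the guide asks for: no e-mail, no challenge password.
    cat > "$dir/csr.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
[ dn ]
C  = US
ST = New York
L  = New York
O  = Example Company
CN = *.$domain
EOF
    # umask 077 keeps the unencrypted key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$key" -config "$dir/csr.cnf" -out "$csr"
}

check_csr() {   # usage: check_csr <key> <csr> <domain>; returns 0 if all checks pass
    key=$1; csr=$2; domain=$3
    # 1: the CSR's self-signature verifies (the file was not altered)
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2: the key length is 2048 bits
    openssl req -in "$csr" -noout -text | grep -q "Public-Key: (2048 bit)" || return 2
    # 3: the Common Name is the wildcard for the expected domain
    openssl req -in "$csr" -noout -subject | grep -Fq "*.$domain" || return 3
    # 4: the CSR was made from this private key (RSA moduli are identical)
    [ "$(openssl req -in "$csr" -noout -modulus)" = \
      "$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)" ] || return 4
    # 5: group and others have no access to the private key file
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || return 5
}

# Example call:
#   make_wildcard_csr . company.com &&
#   check_csr ./www.myhostname.com.key ./certrequest.csr company.com
```

A non-zero return from check_csr identifies the failed check by number; a result of 4 means the CSR and the key on disk do not belong together, so the issued certificate would not install with that key.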


About Jim Aron

Jim Aron is a website security and SSL encryption specialist at RapidSSLonline. He has massive knowledge of various types of SSL security certificates such as Wildcard SSL, EV SSL, SAN SSL, UCC Certificate, Multi Domain Wildcard, and Code Signing Certificate. Follow him on Twitter if you want any help related to SSL certificates.