Enter CSR and Private Key command. Generate a private key and CSR by running the following command: Here is the plain text version to copy and paste into your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr. Note: Replace “server ” with the domain name you intend to secure. Enter your CSR details. You can generate a public and private RSA key pair like this. Openssl rsa -in private.pem -outform PEM -pubout -out public.pem. The -pubout flag is really important. Be sure to include it. Next open the public.pem and ensure that it starts with -BEGIN PUBLIC KEY-. This is how you know that this file is the public key of the pair.
To generate a Certificate Signing Request (CSR), perform the following steps:
Generating the Key Pair
1. The utility 'OpenSSL' is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.
2. Type the following command at the prompt:
openssl genrsa –des3 –out www.mydomain.com.key 2048
Note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected.
3. Enter the PEM Pass Phrase (This MUST be remembered)
Git generate ssh key windows 8. 4. This will generate a 2048 RSA Private key, and stores it in the file www.mydomain.com.key.
Generating the CSR
1. Type the following command at the prompt:
openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr
Note: You will be prompted for the PEM Pass Phrase if you included the '-des3' command. Type it in now.
NOTE: There is a known issue with Apache/OpenSSL Windows Based Installations. If you recevie an error with the above command, Please enter the following:
openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr -config openssl.cnf
2. Input the information for the Certificate Signing Request. This information will be displayed in the certificate.
Note: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / ( ) ?.,&
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Global Sign
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.globalsign.net (Must be the FQDN - Fully Qualifed Domain Name)
Note: DO NOT Enter the following:
Email Address []:
A challenge password []:
An optional company name []:
3. Please verify the CSR, to insure all information is correct. Use the following command:
openssl req -noout -text -in www.mydomain.com.csr
4. The CSR will now be created, and can be submitted via the website.