Entrust Certificate Services Support Knowledge BaseLast Modified: 2016-07-05 15:46:21.0
How is a Certificate Signing Request (CSR) generated for Apache HTTP Server using OpenSSL
Article Number: 46326
How is a Certificate Signing Request (CSR) generated for Apache HTTP Server using OpenSSL?
The process below will guide you through the steps of creating a Private Key and CSR
IMPORTANT: The private key is not to be shared by anyone, sharing of the private key is against best practice. If you require to share the private key it is best to transfer in a secure manner and not through open communication such as unencrypted email. DO NOT provide Entrust with the private key.
Launch the OS Terminal or Command Prompt:
For SHA-1 signing algorithm:
Type the following command: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
For SHA-2 signing algorithm:
Type the following command: openssl req -new -newkey rsa:2048 –sha256 -nodes -keyout server.key -out server.csr
PLEASE NOTE: Replace "server.key" and "server.csr" with your own values
Once prompted for a "Common Name" enter the Fully Qualified Domain Name (FQDN) that you wish to secure in the certificate
For Wildcard: If you are going to be requesting a Wildcard Certificate you will need to place an asterisk * in front of the domain (e.g. *.entrust.com)
You will also be prompted for the following information:
Business Location - Country
Business Location - State/Province
Business Location - City
Organization Unit if required to be listed*
Organization’s legal business name
Domain to be secured by certificate
PLEASE NOTE: Do not use a Challenge Password
Command Output Sample:
[User@localhost ~]$ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) :Ontario
Locality Name (eg, city) [Default City]:Ottawa
Organization Name (eg, company) [Default Company Ltd]:Entrust Inc.
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :www.entrust.com
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
You will now have a Private Key and CSR, the CSR contents are used to submit the request to Entrust to issue the certificate. You can view the contents of the CSR by opening the file within a basic text editor, to confirm the information is correct use the Entrust CSR viewer to parse the information within the CSR: http://www.entrust.net/ssl-technical/csr-viewer.cfm
- Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable