Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-04-10 14:20:43.0

How is a Certificate Signing Request (CSR) generated for Apache HTTP Server using OpenSSL

Article Number: 46326

User-added image
Certificate Signing Request (CSR) Help
For for Apache using OpenSSL


Complete the following steps to create your CSR.

The process below will guide you through the steps of creating a Private Key and CSR.
 
IMPORTANT: The private key is not to be shared by anyone, sharing of the private key is against best practice. If you require to share the private key it is best to transfer in a secure manner and not through open communication such as unencrypted email. DO NOT provide Entrust with the private key.
 
1. Launch the OS Terminal or Command Prompt:

SHA-2 signing algorithm:
Type the following command: openssl req -new -newkey rsa:2048 –sha256 -nodes -keyout server.key -out server.csr
PLEASE NOTE: Replace "server.key" and "server.csr" with your own values 
    2. Once prompted for a "Common Name" enter the Fully Qualified Domain Name (FQDN) that you wish to secure in the certificate
      For Wildcard: If you are going to be requesting a Wildcard Certificate you will need to place an asterisk * in front of the domain (e.g. *.entrust.com)
        You will also be prompted for the following information:
        Attribute
        Prefix
        Description
        Example
        Country/Region
        C
        Business Location - Country
        CA
        State/Province
        ST
        Business Location - State/Province
        Ontario
        City/Locality
        L
        Business Location - City
        Ottawa
        Organization Unit
        OU
        Organization Unit if required to be listed*
         Optional*
        Organization
        O
        Organization’s legal business name
        Entrust Inc.
        Common Name
        CN
        Domain to be secured by certificate
         
        PLEASE NOTE: Do not use a Challenge Password
         
        * If you require an Organization Unit, the value you place will be required to pass verification. If the OU is considered misleading or a registered trademark to a different legal entity it will be removed from certificate that is issued and show up with no value.
         
        Command Output Sample:
        [User@localhost ~]$ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
        Generating a 2048 bit RSA private key
        .........................................................................+++
        ............................................+++
        writing new private key to 'server.key'
        -----
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        -----
        Country Name (2 letter code) [XX]:CA
        State or Province Name (full name) []:Ontario
        Locality Name (eg, city) [Default City]:Ottawa
        Organization Name (eg, company) [Default Company Ltd]:Entrust Inc.
        Organizational Unit Name (eg, section) []:
        Common Name (eg, your name or your server's hostname) []:www.entrust.com
        Email Address []:
         
        Please enter the following 'extra' attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:
         
        3. You will now have a Private Key and CSR, the CSR contents are used to submit the request to Entrust to issue the certificate. You can view the contents of the CSR by opening the file within a basic text editor, to confirm the information is correct use the Entrust CSR viewer to parse the information within the CSR: http://www.entrust.net/ssl-technical/csr-viewer.cfm

        If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.

        Hours of Operation:
        Sunday 8:00 PM ET to Friday 8:00 PM ET 
        North America (toll free): 1-866-267-9297 
        Outside North America: 1-613-270-2680 (or see the list below) 
        NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
         
        CountryNumber
        Australia0011 - 800-3687-7863
        1-800-767-513
        Austria00 - 800-3687-7863
        Belgium00 - 800-3687-7863
        Denmark00 - 800-3687-7863
        Finland990 - 800-3687-7863 (Telecom Finland)
        00 - 800-3687-7863 (Finnet)
        France00 - 800-3687-7863
        Germany00 - 800-3687-7863
        Hong Kong001 - 800-3687-7863 (Voice)
        002 - 800-3687-7863 (Fax)
        Ireland00 - 800-3687-7863
        Israel014 - 800-3687-7863
        Italy00 - 800-3687-7863
        Japan001 - 800-3687-7863 (KDD)
        004 - 800-3687-7863 (ITJ)
        0061 - 800-3687-7863 (IDC)
        Korea001 - 800-3687-7863 (Korea Telecom)
        002 - 800-3687-7863 (Dacom)
        Malaysia00 - 800-3687-7863
        Netherlands00 - 800-3687-7863
        New Zealand00 - 800-3687-7863
        0800-4413101
        Norway00 - 800-3687-7863
        Singapore001 - 800-3687-7863
        Spain00 - 800-3687-7863
        Sweden00 - 800-3687-7863 (Telia)
        00 - 800-3687-7863 (Tele2)
        Switzerland00 - 800-3687-7863
        Taiwan00 - 800-3687-7863
        United Kingdom00 - 800-3687-7863
        0800 121 6078
        +44 (0) 118 953 3088
         

          TN8231

          Affected Products:

          • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable