How to Generate a CSR for IBM HTTP Server
You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.
The CSR needs to contain the following attributes:
Country Name (C):
Use the two-letter code without punctuation for country, for example: US or CA.
State or Province (S):
Spell out the state completely; do not abbreviate the state or province name, for example: California.
Locality or City (L):
The Locality field is the city or town name, for example: Berkeley.
If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
Organizational Unit (OU):
This field is the name of the department or organization unit making the request.
Common Name (CN):
The Common Name is the Host + Domain Name. It looks like "www.company.com"or "company.com".
SSL certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com"will receive a warning if accessing a site named "www.domain.com"or "secure.domain.com", because "www.domain.com"and "secure.domain.com"are different from "domain.com".
Step 1: Generate a keypair
Step 2: Generate a Certificate Signing Request (CSR)
Use the utility "openssl" to generate the key and CSR. This utility comes with the OpenSSL package. You usually install it under /usr/local/ssl/bin. (If you have installed openssl elsewhere you will need to adjust these instructions appropriately).
Generate a private key using the following command: openssl genrsa -des3 2048 > verisign.key
- Change directory to your SSL Certificate directory: cd /usr/local/ssl/crt
- Generate a CSR using the following command:
openssl req -new -key ./verisign.key > verisign.csr
- Verify your CSR
- To copy and paste the information into the enrollment form, open the file verisign.csr in a text editor that does not add extra characters (Notepad or vi are recommended).