How to Generate a CSR for Sun Java Web Server 6.x

A key pair must be created for the server in order to generate a CSR. It is important for the key pair and the digital certificate to not be separated. If the password or the public/private key file is lost or amended before the SSL certificate is installed, the SSL certificate will need to be re-issued. In order for the installation to be successful, the private key, CSR, and the digital certificate must all match.

The following attributes need to be included in the CSR:

a. Country Name: Use the two-letter code without punctuation for country, for example: US

b. State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Ohio

c. Locality or City: The locality field is the city or town, for example: Atlanta

d. Company: If your company or department have an &, @, or any other symbol in its name, you must spell it out or omit the characters to enroll.

e. Organizational Unit: This field is optional but can be useful in helping identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization or department unit making the request.

f. Common name: The Common Name is the Host + Domain name. It looks like "www.company.com" or "company.com"

NOTE: SSL certificates can only be used on the Web server using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because the URLs are different than the original domain name, "domain.com".

Generate a Key Pair and CSR

Step 1: Create a Key Database

1. Select the server instance to manage and click Manage.
   
   
2. Click Security.
   
   
3. Click Create Database.
   
   
4. Enter and confirm a password to protect this database.

Step 2: Generate a CSR

1. Click Request a Certificate.
   
   
2. Enter your own email address as the CA Email address. Although your Sun server supports the use of email for sending certificate requests, VeriSign requires you to paste the certificate request into the enrollment form.
   
   
3. Enter a key pair file password to protect your keys. This can be the same password as the key database.
   
   
4. Fill out all of the CSR information, and click OK.
   
   
5. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or vi are recommended).
   
   
6. Click Apply to commit the changes. You have just created a key pair and a CSR.
   
   
7. Verify your CSR
   
   
8. Paste the information into the enrollment form when prompted for the CSR.

BACK