How to Generate a CSR for Webstar 4.x Server
You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.
Steps to Generating a Key Pair and CSR:
- Launch the Key Generator application
- Create a password to protect your key. The password must be at least 8 characters long, including letters, numbers and punctuation; make sure the password is not a name or a word. You will need to use your password later to authorize WebSTAR SSL to use your public/private key pair.
- Be sure to write your new password down and store it in a safe place. Once the password is lost or forgotten, it cannot be recovered. You will have to repurchase a new certificate or have a certificate reissued.
- Click the Create Key button to generate your private key file.
- Be sure to give the new file a name such as "Private Key File" for example. Then save it in the root folder for the SSL host (the WebSTAR folder or the host folder if you have a secondary IP host).
- Upon creation of the new key file, the Key Generator will beep and will allow you to click OK to quit.
- Make sure that the key file is located within the WebSTAR folder. If it is not there already, move it to that folder now.
- Launch the CSR Utility application (located in the Tools & Examples folder, SSL Tools folder).
- Click Choose and select the Private Key file you created. Once you select a private key file, the key file and the Certificate you will receive will be a signed Certificate pair. Once this process occurs, the pair cannot be separated.
- If you lose the Private Key and generate a new one, your Certificate will no longer match. You will have to send a request to the Certificate Authority for a new Certificate. This request for a new Certificate may result in a charge. In order to avoid unnecessary fees, keep backup copies of your file in a secure location.
- Enter the password required to access you public/private key pair (the password you entered when generating the key pair).
- Click the Create button in order to generate your encrypted Certificate request form. This command will prompt for the following X.509 attributes for the certificate:
a. Country Name: Use the two-letter code without punctuation for country, for example: US
b. State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Ohio
c. Locality or City: The locality field is the city or town, for example: Atlanta
d. Company: If your company or department have an &, @, or any other symbol in its name, you must spell it out or omit the characters to enroll.
e. Organizational Unit: This field is optional but can be useful in helping identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization or department unit making the request.
f. Common name: The Common Name is the Host + Domain name. It looks like "www.company.com" or "company.com"
- The application creates a file named Certificate Request by default. You can use that name or rename it.
- Quit the CR Utility program.
- You have completed the process of creating a key pair and a CSR.
- To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Vi or Notepad are highly recommended).
- Verify your CSR