TBS-certificates' FAQ - Frequently Asked Questions > Obtain a X509 certificate (SSL - TLS - Signature - Authentication) > Obtain a server certificate (X509 / SSL), create the certificate request: the CSR (Certificate Signing Request) :

Tweeter

Certificates

Comparison chart

Browsers

SSL EV

SSL Standard

SSL 128-bit

SSL wildcard

SSL SAN

Developer certificate

User certificate

Test certificates

PKI

The Trust Seals

Our products range

TBS X509

VeriSign / Symantec

Thawte

Comodo

GlobalSign

ChamberSign

GeoTrust

Partners

Client login

Open an account

FAQ

The Lab

Focus

VeriSign Trust Seal

Norton Secured Seal

As a VeriSign major partner, TBS internet is the first company in Europe to offer the VeriSign trust logo, the most recognized worldwide. An SSL certificate is no longer required as the seal is available after an organisation audit and comes with a malware detection system. More details...

Generate a CSR for Apache

These instructions are suitable for any server using ApacheSSL or Apache+mod_ssl or Apache 2. On the contrary do not apply these instructions on servers with an overlayer (Cobalt, Plesk, etc.) or Tomcat Generate a CSR for Tomcat.

New: Use our command line generator

In order to gain some time, you can now generate your command line with our online OpenSSL helper. Just copy/paste to finalize !

To install a certificate on Apache Windows, you will need a cryptographic tool to generate the private key and the CSR. To do so, you can use 'OpenSSL': Install OpenSSL on a Windows computer

1- Generate the private key

Connect under root and access the setup directory of your Apache server.
It is often:
```
			cd /etc/httpd/conf
			or
			cd /etc/apache/conf
			
```
We'll place our working files here but you can choose an other repertory.
Choose a file's name that fits you and generate the key with the following command:
```
openssl genrsa 2048 > www.xxx.com.key
```
If you want this key to be protected by a password (that will be requested any time you'll restart Apache), add:

"-des3" after "genrsa".
You can also enhance the quality of your key. To do so, add the instructions below after "genrsa":

"-rand/var/log/messages".

It enables random numbers to be used.

Make a backup copy of the .key file!

Protect your file with:
```
chmod 400 www.xxx.com.key
```

2- Create your certificate request (CSR)

Use this command to generate the CSR:

openssl req -new -key www.xxx.com.key > www.xxx.com.csr

The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate

Country Name (2 letter code) []: (FR in France for example)
State or Province Name (full name) [Some-State]: (your state or province name, name of your département in France)
Locality Name (eg, city) []: (the name of your city)
Organization Name (eg, company) []: (your organization name)
Organizational Unit Name (eg, section) []: (free text)
Common Name (eg, YOUR name) []: (the name of the website to be secured)
Email Address []: (let blank)
Do not fill in fields such as: "A challenge password" or "An optional company name"

3- Finalize the order process

Use the appropriate link to place your order on our website. See Access an order form
Copy/Paste the content of the file www.xxx.com.csr in the form.

Notes

To generate the CSR, OpenSSL reads openssl.cnf by default. But on some platform this file is not appropriate.

In that case you can download ours:
- For VeriSign or Thawte server certificates: openssl-dem-server-cert-thvs.cnf
- For TBS X509 or Comodo server certificates: openssl-dem-server-cert.cnf
You can use the instructions up here for Apache under Windows, but make sure first that you have actually installed Apache with OpenSSL. Download it here. For the remaining instructions, just replace openssl by openssl.exe

Anonymous [ settings | log in ]

Last edited on 02/09/2012 08:35:15 --- [search]