Obtain a server certificate (X509 / SSL), create the certificate request: the CSR (Certificate Signing Request)
Preamble
We'll then go back to you to deliver a turnkey certificate.
Step 0 : Make sure your server handles SSL
Fistly, make sure your server handles SSL or TLS.
If you do not host your own web site, you won't be able to request a certificate without your hosting company's help.
Note that some hosting companies provide management interface for this purpose (so contact your hosting company and make sure it offers SSL).
Step 1: Generate your certificate signing request file (CSR - PKCS #10)
It is advised to generate a public key of at least 2048-bit ANSSI and NIST impose the use of 2048-bit keys or more since January 1st 2011, More information here.
When requesting a certificate you will generate a private key. As soon as this key is generated, make a backup copy and protect it very carefully. Check exactly how to back up this private key with your server software provider. If this key falls into the wrong hands your security is compromised and you will have to revoke your certificate. If you lose the key you will not be able to use this certificate anymore. Translated with www.DeepL.com/Translator (free version)
During the generation of CSR, a certain number of fields will be proposed to you to enter the information. It is strongly recommended to have the administrative documentation within reach on hand to fill in the fields correctly. Any error in the input of a field will result in a delay!
Hosting companies: The certificate is always under the name of your customer, here we are then talking about your customer's documents.
-
CN : Common name / domain name / server name / FQDN:
here you have to indicate the name of your SSL server, for example "secure.entreprise.fr", or "www.mon-domaine.fr" or www.produit.com. No IP address (learn more). No spaces nor blank characters.
In case you want to order a multi-domain certificate / SANs, enter in the CSR only one address, the main one, the one that cannot be changed during the lifetime of your certificate (It is in our order form that you can then enter the other addresses to be secured, which can be updated at the time of re-creations).
N.B.: The use of certificates containing a reserved IP address or an internal name (xxx.local, machine_name) is disapproved by the CA / Browsers Forum and will not be accepted by any authority (learn more).
-
O : Organisation / Company Name:
Write the name (not the trade name or acronym) of your company or organization here, preferably in capital letters. -
ST : State:
in France indicate the name of the department where your company headquarters are based (not the number). -
L : Location / City:
indicate the city where your company headquarters are based. -
C : Country:
indicate FR if your company is in France, BE for Belgium, etc, in uppercase preferably. -
OU : Organisational unit / Department / Branch:
We advise not to fill in this field or to enter a generic term such as "IT Department".
Please note Some fields are subject to change by the authority, as they apply their own policies when issuing certificates. You can find more information on this page: Standard certificate fields
- Realised by Keybot, this service (free)
generate the private key and the CSR and send the latter directly to us.
You juste have to select the 'Automatic' method and to click on the 'Generate CSR' button.
At the time of the delivery of the certificate you will be able to obtain your certificate in a standard file "PFX" which you will be able to import simply on the majority of the servers / software of the market. - Generate a CSR for Apache
Generate your command line with our CSR creation assistant tool.
Linux distributions : ArchLinux, CentOs, Debian, Fedora, Mandriva, Open Suse, Gentoo, Red Hat, Ubuntu, Slackware, ... But also BSD, Mac OS X, EasyPhp, WAMP distributions, ... - Generate an ECC CSR for Apache with OpenSSL
- Generate a CSR for Plesk 6, 7 and 8
- Generate a CSR for Plesk 9 and 10
- Generate a CSR for Plesk 12
- Generate a CSR for Plesk 17 (Onyx)
- Generate a CSR for Axway CFT
- Generate a CSR for API Axway Gateway
- Generate a CSR with Axway SecureTransport
- Generate a CSR for Cisco ASA
- Generate a CSR for Cisco Ironport
- Generate a CSR on Cisco ISE
- Generate a CSR for Cisco Unified Communications Manager (CUCM)
- Generate a CSR for Cisco ExpressWay X7.2.2 and X8.1
- Generate a CSR for Citrix Access Essentials
- Generate a for Citrix Access Gateway
- Generate a CSR for Citrix Netscaler
- Generate a CSR for Citrix Secure Gateway
- Generate a CSR with Microsoft IIS4
- Generate a CSR with Microsoft IIS5 or IIS6
( Windows Serveur 2003, XP Professional) - Generate a CSR with Microsoft IIS7 / IIS8
( Windows serveur 2008, Windows Serveur 2012 / 2013, ... ) - Generate a CSR with Microsoft IIS8.X/10.X
( Windows Serveur 2012/2016 ) - Generate a CSR for Microsoft ISA
- Generate a CSR for Microsoft TMG
- Generate a CSR for Microsoft Exchange 2007
- Generate a CSR for Microsoft Exchange 2010/2013/2016/2019
- Generate a CSR for Microsoft Lync 2010
- Generate a CSR for Skype for Business Server 2015 (formerly Lync)
- Generate a CSR for Microsoft Small Business Server 2008
- Certificate for LDAPS with Active Directory (Microsoft support)
- Generate a CSR for Apache under Windows
- Generate a CSR from Windows Server using the certificate MMC
- Generate a CSR with certreq on Windows Server
- Generate a CSR for OpenSSL-based servers (PEM certificates)
(Open LDAP, Courier IMAP, Cyrus IMAPD, squid, Postfix TLS, Qmail TLS, Sendmail TLS, NGINX, FileZilla FTP Server, ...) - Our CSR creation assistant tool to create the command line and generate a CSR
- Install OpenSSL on a Windows machine
(OpenSSL tools are usually installed on Linux and equivalent servers) - Generate CSR for Domino
- Generate a CSR for Tomcat
- Generate a CSR with Sophos Mobile
- Generate a CSR with Sophos XG Firewall
- Generate a CSR for Axiliance RealSentry v2 or v3, or Bee-Ware i-Sentry v3 or v4
- Generate a CSR for Barracuda Networks
- Generate a CSR for Bluecoat
- Generate a CSR for Cegid Web Access Server
- Generate a CSR for F5
- Generate a CSR for Juniper Networks Secure Access
- Generate a CSR for Kerio Webstar 5
- Generate a CSR for Fastream platform
- Generate a CSR for Checkpoint VPN
- Generate a CSR for NETASQ Firewalls (NG1000-A, NG5000-A, ...)
- Generate a CSR for VMWare View 5.0 or inferior
- Generate a CSR for VMWare View/Horizon 5.1 or superior
- Generate a CSR for Barracuda Networks product
- Generate a CSR for Synology / Synology NAS products
- Generate a CSR for FileZilla FTP Server
- Generate a CSR for Zimbra
- Generate a CSR for FireWall FORTIGATE
- Generate a CSR for Wordpress
- Generate a CSR for 4D server / Business Kit
- Generate a CSR for IBM HTTP
- Generate a CSR for Sonicwall
- Generate a CSR for Pfsense
- Generate a CSR for Palo Alto
- Generate a CSR with WHM 11.54-56
- Generate a CSR for Kemp
- Generate a CSR with cPanel 11.54-56
- Generate a CSR for Pulse Secure
- Generate a CSR on SAP
- Generate a CSR from FileMaker Server
- Generate a CSR on Serv-U MFT
TBS KEYBOT - Automatic mode to generate a CSR for any kind of server
Apache:
Axway
Cisco:
Citrix:
Microsoft:
OpenSSL and OpenSSL-based servers:
IBM
Java and friends:
Sophos
Other software server, router, proxy:
Hosting companies and hosting platforms:
Common questions:
- Generating and installing a CSR on a software non-compatible 2048 bits.
- Browsers's SSL compatibility
- Do you have test certificates?
- Is possible to install several SSL websites on a same machine?
- Can I duplicate my certificate on several servers?
- What are limitations of Wildcard or OmniDomain certificates?
- CSR analysis failed
- Accented domain names (FQDN / SANs)
- I received a CSR correction request
Other instructions for CSR generation
- Generate a RGS server certificate with OpenSSL
- BEA WebLogic 6.1
- BEA WebLogic 8.1
- HCL (IBM/Lotus) Notes Traveler
- Oracle Web server (OSA 4.0.8)
- Redhat
- Sun Java web server
- WebSTAR/SSL
- Stalker CommuniGate Pro
- Certificate for LDAPS with Active Directory
- Checkpoint Connectra
- Novell Mobility Connector
- Thawte resources
- Generate a CSR on NAS Synology
Last edited on 04/26/2021 14:02:55 --- [search]