Generate a CSR on a Fastream platform
To generate your CSR and private key, 2 options are available:- With the OpenSSL software
- With Fastream
1- Private key and CSR generation with OpenSSL
New: Use our command line generator
In order to gain some time, you can now generate your command line with our CSR creation assistant tool. Copy/paste this line and that's it!
1- Generate the private key
-
Connect under
root
and access the setup directory where the certificate and private key will be stored. -
The private key is generated with the following command line (choose an appropriated file name)
openssl genrsa 2048 > www.example.com.key
-
If you want this key to be protected by a password (that will be requested any time you'll restart Apache), add:
"-des3"
after "genrsa").
-
You can also enhance the quality of your key. To do so, add the instructions below after "genrsa":
"-rand/var/log/messages"
.
It enables random numbers to be used.
Make a backup copy of the .key file!
-
Protect your file with:
chmod 400 www.example.com.key
- Now, your private key extension has to be changed. (From .key to .pem)
2- Create your certificate request (CSR)
-
Use this command to generate the CSR:
openssl req -new -key www.example.com.key > www.example.com.csr
-
The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate
Country Name (2 letter code) []: (FR in France for exemple)
State or Province Name (full name) [Some-State]: (the name of your département in France)
Locality Name (eg, city) []: (the name of your city)
Organization Name (eg, company) []: (your organization name)
Organizational Unit Name (eg, section) []: (Do not fill - advised - or enter a generic term such as "IT Department".)
Common Name (eg, YOUR name) []: (the name of the website to be secured)
Email Address []: (let blank)
- Do not fill in fields such as: "A challenge password" or "An optional company name"
3- Insert the private key in Fastream
1- IQ Web/FTP Server
For HTTP protocol:- Select the "HTTP - Default" tab.
- Then, select the "SSL/TLS Encryption" tab.
- Once in this tab, import your private key in the "Private Key" field.
- Save your new set-up.
- Select the"FTP - Default" tab.
- Then, select the "SSL/TLS Encryption" tab.
- Once in this tab, import your private key in the "Private Key" field.
- Save your new set-up.
2- IQ Proxy Server
Example with RProxy:- Select the "RProxy: Default" tab.
- Then, select the "SSL/TLS Encryption" tab.
- Once in this tab, import your private key in the "Private Key" field.
- Save your new set-up.
Notes
- On some platform, the openssl.cnf file that OpenSSL reads by default to create the CSR is not the good one.
In that case you can download yours:- For VeriSign or Thawte server certificates: openssl-dem-server-cert-thvs.cnf
- For TBS X509 or Sectigo server certificates: openssl-dem-server-cert.cnf
- Under Windows, just replace openssl by openssl.exe
2- Generate a private key and a CSR with Fastream
1- IQ Web/FTP Server
For HTTP protocol:- Select the "HTTP - Default" tab.
- Then select the "SSL/TLS Encryption" tab.
- Then, click the "Generate CSR" button and follow the software procedure.
- Once the CSR and the private key generated, save your new set-up and recover the CSR.
- Select the "FTP - Default" tab.
- Then select the "SSL/TLS Encryption" tab.
- Then click the "Generate CSR" button and follow the software procedure.
- Once the CSR and the private key generated, save your new set-up and recover the CSR.
2- IQ Proxy Server
Example with RProxy:- Select the "RProxy: Default" tab.
- Then select the "SSL/TLS Encryption" tab.
- Then click the "Create CSR" button and follow the software procedure.
- Once the CSR and the private key generated, save your new set-up and recover the CSR.
3- Place an order request
- Use the appropriate link to place your order on our website. See Access an order form
-
Copy/paste the content of the www.exemple.com.csr file in the form.
Useful links
Fastream official websiteScreenshots for IQ Web/FTP Server and IQ Proxy Server.
Documentation
Last edited on 01/03/2020 14:25:32 --- [search]