SSL Certificates Support - CSR Generation Instructions - Red Hat Linux Apache/SSL Server - VeriSign UK Ltd.
VeriSign, Inc.® United Kingdom Home | Worldwide Sites | Site Map
Products & Services Solutions Support About VeriSign Existing Customers
You Are Here: United Kingdom Home > Support > SSL Certificates Support > CSR Generation Instructions - Red Hat Linux Apache/SSL Server

SSL Certificates Support
SSL Support Information
Generate a Certificate Signing Request (CSR)
Enrolment
Installation Instructions
Backup a Certificate
Move a Certificate

CSR Generation Instructions - Red Hat Linux Apache/SSL Server

To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.

VeriSign recommends that you contact the Redhat SWS vendor for additional information. 

Step 1: Generating the Private Key

  1. Use the cd command to move to the /etc/httpd/conf directory.
  2. As root, type in one of the following three commands to generate your key:
  3. If you are using Official Red Hat Linux Professional and you want to use the included password feature, type in the following command: make genkey
  4. Your key will be generated and you will be asked to enter and confirm a password. Please note that you will need to remember and enter this password every time you start your secure Web server, so do not forget it.
  5. If you are using Official Red Hat Linux Professional and you don't want to be required to type in a password every time you start your secure Web server, use the following command instead of make genkey to create your key (note that the following command should be typed in all on one line):  
     
    /usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 1024
  6. Then use the following command to set the correct permissions on your key:  
     
    chmod go-rwx ssl.key/server.key
  7. If you use the above commands to create your key, you will not need to use a password to start your secure Web server. However, we do not recommend that you disable the password feature for your secure Web server, since it decreases the level of security for your server.
  8. Your key will be created and saved to a file named server.key. If you are using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory. If you are using Official Red Hat Linux Professional, International Edition, s

Step 2: Create the Certificate Signing Request

  1. In the /etc/httpd/conf directory, become root and type in one of the following two commands:
  2. If you are using Official Red Hat Linux Professional, type in the following command:  
     
    make certreq
  3. If you are using Official Red Hat Linux Professional, International Edition, type in the following single command (all on one line):  
     
    /usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr
  4. You will be prompted for your password (if you used a password when you generated your key). Type in the password, if necessary.
  5. You will see some instructions and you will be prompted for responses. Your inputs will be incorporated into the CSR.
  6. When you have finished entering your information, a file named server.csr will be created. If you are using Official Red Hat Linux Professional, server.csr will be located in the /etc/httpd/conf/ssl.csr directory.
  7. You have just created a key pair and a CSR.
  8. The server.csr file contains your certificate request. To copy and paste the information into the enrolment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
  9. Go to Enrolment.

Terms Defined

Common Name

The Common Name is the Host + Domain Name. It looks like "www.company.co.uk" or "company.co.uk".

VeriSign certificates can only be used on Web servers using the Common Name specified during enrolment. For example, a certificate for the domain "domain.co.uk" will receive a warning if accessing a site named "www.domain.co.uk" or "secure.domain.co.uk", because "www.domain.co.uk" and "secure.domain.co.uk" are different from "domain.co.uk".

Organisation Information

  • If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enrol.
  • The “Org Unit” field is the name of the department or organisation unit making the request.
  • The Locality field is the city or town name, for example: Guildford.
  • Do not abbreviate the county name, for example: Surrey.
  • Use the two-letter code without punctuation for country, for example: GB.

Contact Information

During the verification process, VeriSign may need to contact your organisation. Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.
Contact Us
Contact Support >>
Contact VeriSign Legal Notices Privacy Repository © 2003 - 2008 VeriSign UK Limited. All rights reserved.
9/29/08 9:58 PM