Thursday, January 8, 2015

Generate CSR for Red Hat Linux Apache / SSL Server

Generate CSR for Red Hat Linux Apache / SSL Server

Step 1: Generating the Private Key


   1. Use the cd command to move to the /etc/httpd/conf directory.

   2. As root, type in one of the following three commands to generate your key:

   3. If you're using Official Red Hat Linux Professional and you want to use the included password feature, type in the following command: make genkey

   4. Your key will be generated and you will be asked to enter and confirm a password. Please note that you will need to remember and enter this password every time you start your secure Web server, so don't forget it.

   5. If you're using Official Red Hat Linux Professional and you don't want to be required to type in a password every time you start your secure Web server, use the following command instead of make genkey to create your key (note that the following command should be typed in all on one line):  


            /usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 2048

   6. Then use the following command to set the correct permissions on your key:  


            chmod go-rwx ssl.key/server.key

   7. If you use the above commands to create your key, you will not need to use a password to start your secure Web server. However, we don't recommend that you disable the password feature for your secure Web server, since it decreases the level of security for your server.

   8. Your key will be created and saved to a file named server.key. If you're using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory. If you're using Official Red Hat Linux Professional, International Edition, server.key will be located in /etc/httpd/conf.


Step 2: Create the Certificate Signing Request


   1. In the /etc/httpd/conf directory, become root and type in one of the following two commands:

   2. If you're using Official Red Hat Linux Professional, type in the following command: 
           make certreq

   3. If you're using Official Red Hat Linux Professional, International Edition, type in the following single command (all on one line): 
           /usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

   4. You will be prompted for your password (if you used a password when you generated your key). Type in the password, if necessary.

   5. You'll see some instructions and you will be prompted for responses. Your inputs will be incorporated into the CSR.

   6. When you've finished entering your information, a file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr will be located in the /etc/httpd/conf/ssl.csr directory.

   7. You have just created a key pair and a CSR.

   8. The server.csr file contains your certificate request. To copy and paste the information into the orderform, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

   9. Go to our website ssl.nu for the SSL Certicate request


Terms defined:
Country Name (C):
Use the two-letter code without punctuation for country, for example: US or CA.

State or Province (S):
Spell out the state completely; do not abbreviate the state or province name, for example: California

Locality or City (L):
The Locality field is the city or town name, for example: Berkeley.

Organization (O):
If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.  Example: XYZ Corporation

Organizational Unit (OU):
This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.

Common Name (CN):
The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Note: When prompted for your "first- and lastname", enter the desired Common Name.

SSL Certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

Networking4all certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".


Please do not enter your email address, challenge password or an optional company name when generating the CSR.

Courtsey : http://tanglesolutions.com
Posted by at No comments:
Subscribe to: Posts (Atom)