How To Generate A WildCard SSL Certificate CSR On Apache, Mod SSL & OpenSSL Servers

Generating a Certificate Signing Request (CSR), which is required to obtain an SSL certificate from a Certificate Authority (CA), is a technically involved process and can be cumbersome for those unfamiliar with its steps. The large number of live chats, calls and email support requests that Certificate Authorities receive from users seeking help with the process shows that the problem is widespread and must be addressed.

In this post, Mr. Jim Armstrong, a Web security specialist at RapidSSLOnline, addresses how to obtain a Certificate Signing Request for Apache + Mod SSL + OpenSSL servers from major Certificate Authorities on the web such as Symantec, GeoTrust, Thawte, and RapidSSL without any hassles. The process of CSR creation entails generating two types of keys, a private key and a public key, as shown below.

Generating the Private Key

The OpenSSL utility, which comes with every OpenSSL package, is mostly used to generate the private key and CSR. It should be installed at the following path: /usr/local/ssl/bin. If the OpenSSL utility is installed at a different path, adjust the path accordingly. To generate the key, first enter the following command at the prompt: openssl genrsa -des3 -out www.myhostname.com.key 2048. This command generates a 2048-bit RSA private key, which is automatically stored in the file www.myhostname.com.key. It is imperative for all SSL Certificate CSRs to have a 2048-bit key length.

When prompted for a password, make sure that you choose one that is secure, i.e. a combination of letters, numbers and symbols, as this password will a) protect the private key and b) secure the certificate.

Note: The pass phrase requirement can be bypassed by omitting the -des3 option when generating the private key. If you wish to leave the private key unprotected, it is highly recommended that only authorized server administrators have access to the server and the ability to read the private key file.

Generating the Public key and CSR

First, enter the following command at the prompt: openssl req -new -key www.myhostname.com.key -out certrequest.csr. If you are using OpenSSL on a Windows server, you can use this direct path to reach 'openssl.cnf':

openssl req -new -key www.myhostname.com.key -config "c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -out certrequest.csr

This should be followed by filling in the mandatory information about the organization, which includes:

  • Country Name: Two-letter code of the country without punctuation (i.e. US, UK).
  • State or Province: Complete state name without any abbreviation (i.e. New York, not NY).
  • Locality or City: City or town name without any abbreviation.
  • Company: If a company or organization name includes a symbol such as &, @, or *, the symbol must be properly spelled out (i.e. AB & C Corporation would be AB and C Corporation).
  • Organizational Unit: An optional field which can be skipped by pressing 'Enter' on the keyboard, but information filled in here serves as additional authentication for obtaining the certificate from the CA.
  • Common Name: The Host + Domain Name.

Now both your private and public keys have been generated. The private key (www.hostname.com.key) is stored locally on the server and employed for decryption. The public key, in the form of a WildCard SSL Certificate Signing Request (certrequest.csr), will be used for certificate enrollment.
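The two commands above, run non-interactively and followed by the checks worth making before the CSR is submitted. This is an added example, not part of the original post: it goes beyond the text by setting the Common Name to the wildcard form *.example.com, and the domain, subject values, passphrase file and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Domain, subject values and passphrase file are constructed.
set -eu

# make_wildcard_csr <base-domain> <outdir> <passphrase-file>
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_wildcard_csr() (
    domain=$1; out=$2; passfile=$3
    umask 077    # key and CSR are created readable by the owner only
    # 2048-bit RSA key, encrypted with the passphrase (-des3, as in the post)
    openssl genrsa -des3 -passout "file:$passfile" \
        -out "$out/$domain.key" 2048 2>/dev/null
    # CSR whose Common Name is the wildcard form of the base domain
    openssl req -new -key "$out/$domain.key" -passin "file:$passfile" \
        -subj "/C=US/ST=New York/L=New York/O=AB and C Corporation/CN=*.$domain" \
        -out "$out/$domain.csr"
)

# csr_common_name <csr>: print the Common Name stored in the CSR
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr <csr> <key> <passphrase-file>: succeed only if the CSR is sound
check_csr() {
    # self-signature is valid, i.e. the file was not altered after creation
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # the request carries a 2048-bit public key
    openssl req -in "$1" -noout -text |
        grep -q 'Public-Key: (2048 bit)' || return 1
    # the CSR's public key belongs to this private key (moduli are equal)
    csr_mod=$(openssl req -in "$1" -noout -modulus)
    key_mod=$(openssl rsa -in "$2" -passin "file:$3" -noout -modulus)
    [ "$csr_mod" = "$key_mod" ]
}

# Demo in a throwaway directory with a constructed passphrase
work=$(mktemp -d)
printf '%s\n' 'Constructed-passphrase-4-demo!' > "$work/pass"
make_wildcard_csr example.com "$work" "$work/pass"
check_csr "$work/example.com.csr" "$work/example.com.key" "$work/pass"
echo "CSR OK for $(csr_common_name "$work/example.com.csr")"
```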

Note: If you wish to copy and paste the information into the enrollment form, you should first open the file in Notepad or Vi and save it as a .txt file. Please note that you shouldn’t use Microsoft Word as it inserts extra hidden characters which alter the contents of the CSR thereby rendering it useless.

If you seek further information regarding WildCard SSL Certificate Signing Request for a web server I’ve not covered, please click here.

Jim Armstrong is SSL Security Specialist at RapidSSLOnline.com a Platinum Certificate Authority. RapidSSLOnline.com is one of the most inexpensive SSL Certificate Providers in the world. You can reach him on Google+, Twitter and Facebook.

One Response to "How To Generate A WildCard SSL Certificate CSR On Apache, Mod SSL & OpenSSL Servers"

  1. Richard says:

    Too bad the instructions given are just the standard CSR generation instructions and give absolutely no specific information on generating a wildcard CSR.

© 2015 TechSling Weblog. All rights reserved.