In order to obtain a signed Digital Certificate, you must create a Certificate Signing Request,
or CSR. At the same time your CSR is created, you will also generate a Private Key. The CSR
is used by the Signing Authority to create a Signed Digital Certificate which works with your
Private Key to provide secure access to your Web site.
There is some information that you will need to
gather before generating the CSR and Private Key. This information is required as part of the
CSR, and must be entered exactly as you want it to appear in your certificate.
PEM Passphrase - This is a security phrase which, like a
password, protects your private key so that only you can use your digital certificate. Be sure
to use a phrase which you can easily remember but which is not easily guessed. You will need to
enter the passphrase in the future to install your signed certificate.
Company Location - You will need to know the country, province
or state, and city where you want the certificate to display as your company location.
Company Contact Information - This includes the complete company
or organization name, and the organizational unit or department (if applicable).
Your Domain Name - You will need to determine the exact domain
name that you want to use to access your Web site securely.
Contact E-mail Address - The contact E-mail address that you
want to have the Signing Authority use when corresponding with you.
Extra Information - This is additional information that is not
required, but may be useful. It includes a challenge password, which some Signing Authorities
use to allow you access to your certificate and which they may require when interacting with
them. You can also enter additional company information.
Once you have all the information ready to enter,
connect to your Virtual Private Server via SSH or Telnet and run the following command.
% openssl req -new
You will be asked to provide the information you
gathered earlier. Most of the questions are self-explanatory, except that common name
refers to the domain name that you want to use when accessing your site using SSL (i.e.
domain.com or www.domain.com or cname.domain.com or
When you have entered all the data, your CSR will
be shown. It is a good idea to save the CSR by copying and pasting it into a file on your
local computer. You will need it when you are ordering your SSL certificate from the Signing
Authority's Web site. The following is an example of a CSR. Note that the CSR includes the
lines with BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
In the directory where you were when you ran the
openssl command, you will also find a new file called privkey.pem. This is your
private key, which you will need at a later time. The following is an example of a private
key. Note that the lines containing BEGIN RSA PRIVATE KEY and END RSA PRIVATE
KEY are part of the key.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
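
The following shell functions are an added example, not part of the original instructions. They generate the CSR and passphrase-protected key without prompts, then check the result before it is sent to the Signing Authority. The subject values, the request.csr file name, the passphrase file and the rsa:2048 key size are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Subject values, file names and the passphrase file are
# constructed placeholders; substitute the details you gathered.
SUBJ='/C=US/ST=Example State/L=Example City/O=Example Company/OU=IT/CN=www.domain.com/emailAddress=admin@domain.com'

# make_csr DIR PASSFILE
# Writes DIR/privkey.pem (passphrase-encrypted) and DIR/request.csr.
make_csr() {
    (
        umask 077   # private key is created readable by its owner only
        openssl req -new -newkey rsa:2048 -subj "$SUBJ" \
            -keyout "$1/privkey.pem" -passout "file:$2" \
            -out "$1/request.csr" 2>/dev/null
    )
}

# csr_signature_ok CSR: the request's self-signature verifies.
# The message is matched because older openssl exits 0 even on failure.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY PASSFILE: the CSR carries this key's public half.
csr_matches_key() {
    from_csr=$(openssl req -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -passin "file:$3" -pubout) || return 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# csr_has_cn CSR NAME: the common name is exactly NAME, not a lookalike.
csr_has_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$2"
}

# key_is_encrypted KEY: the PEM file is passphrase-protected on disk.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Usage (constructed paths): put the passphrase on the first line of
# pass.txt, chmod 600 it, then:
#   make_csr . pass.txt && csr_signature_ok request.csr &&
#   csr_matches_key request.csr privkey.pem pass.txt &&
#   csr_has_cn request.csr www.domain.com && key_is_encrypted privkey.pem
```

Only request.csr is submitted to the Signing Authority; privkey.pem and the passphrase file stay on the server.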
Once you have your CSR and Private Key, the next
step is to obtain your signed Digital Certificate.