Generating Certificate Signing Requests

Fasthosts Customer Support Generating Certificate Signing Requests



Contents

Introduction
What is a CSR?
IIS 8
IIS 7
Apache
    Generate a Key Pair
    Generate the CSR
    Backup your private key
Plesk Onyx
Plesk 12
WHM
cPanel
Other operating systems
After generating your CSR

Introduction

SSL secures all website traffic between two points, ensuring that any data shared between your customers and your webserver is safe and secure. It achieves this in two ways:

1. It encrypts the data between the two computers, preventing anyone from eavesdropping on your communications.
2. It confirms the identity of the website you are communicating with.

The transfer of data is achieved using public key encryption. This involves generating two very large prime numbers. The first is used as your private key and should be kept secret from everyone. The other forms your public key, and is available to everyone to view.

With this information it is possible to create a self-signed SSL certificate that encrypts data between two end points. However, the end user cannot be sure that you are who you say you are. As such, their web browser will provide warnings to anyone attempting to view your site over SSL.

To avoid these errors, you need to prove the identity of your website. This is achieved by enrolling for a digitally signed certificate from a trusted authority. Your computer inherently trusts a number of companies (called Certificate Authorities). By creating a public and private key, you can ask a trusted Certificate Authority to digitally sign your certificate. As your computer trusts the Certificate Authority, it will also trust the identity of anyone who has their identity confirmed by having their certificate signed by such an authority.

What is a CSR?

During a Certificate Signing Request (CSR) your computer will generate the private and public keys needed to encrypt data between yourself and your customers. It will also record information regarding your company or organization. This information can then be sent to a Certificate Authority that will check the information provided and sign your certificate.

Once you have received your signed certificate you can install it on your server and start encrypting traffic to and from your website.

The process for generating a Certificate Signing Request differs slightly depending upon which operating system or control panel software you are using.

IIS 8

Step 1
From within Server Manager select Internet Information Services (IIS) Manager from the Tools drop-down menu.

Step 2
In the IIS Manager, choose your server name.

Step 3
In the Features pane (the middle pane), open the Server Certificates icon. This will be located in the IIS section, or the Security section, depending upon how you are grouping your icons.

Step 4
Click Create Certificate Request. This is located in the right-hand pane marked Actions.

Step 5
The first screen of the wizard asks for details regarding the new site. The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality.

You will be prompted to enter additional information regarding your website. In the form provided, enter the following details:

Common Name: The Common Name is the Host + Domain Name. It looks like "www.domain.com" or "domain.com".

Quick tip: The Common Name must be the same as the Web address you will be accessing when connecting to your secure site. For example, an SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "shop.domain.com", as "www.domain.com" and "shop.domain.com" are different from "domain.com".

Organization: The Organization Name is your Full Legal Company or Personal Name.

Organizational Unit: This field is optional. The Organizational Unit field is the name of the department or organization unit making the request.

City/Locality: The city or area in which you are based, e.g. Gloucester.

State/province: The area in which you are based, e.g. Gloucestershire.

Country/region: Select the two-letter country code for your organization from the drop-down list provided, e.g. GB, US or CA for Great Britain, United States of America or Canada respectively.

Quick tip: A full list of country codes is available in the appendix of this guide.

Step 6
Click Next to continue.

Step 7
Next, you are asked to choose cryptography options. Leave the default setting of Microsoft RSA SChannel Cryptographic Provider, but change the Bit length to 2048. Click Next to continue.

Step 8
Finally, provide a filename to which to save the certificate request. You will need to retrieve this file later, so make a note of the name and location.

IIS 7

Step 1
Choose Start > Administrative Tools > Internet Information Services (IIS) Manager.

Step 2
In the IIS Manager, choose your server name.

Step 3
In the Features pane (the middle pane), open the Server Certificates icon. This will be located in the IIS section, or the Security section, depending upon how you are grouping your icons.

Step 4
Click Create Certificate Request. This is located in the right-hand pane marked Actions.

Step 5
The first screen of the wizard asks for details regarding the new site. The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality.

You will be prompted to enter additional information regarding your website. In the form provided, enter the following details:

Common Name: The Common Name is the Host + Domain Name. It looks like "www.domain.com" or "domain.com".

Quick tip: The Common Name must be the same as the Web address you will be accessing when connecting to your secure site. For example, an SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "shop.domain.com", as "www.domain.com" and "shop.domain.com" are different from "domain.com".

Organization: The Organization Name is your Full Legal Company or Personal Name.

Organizational Unit: This field is optional. The Organizational Unit field is the name of the department or organization unit making the request.

City/Locality: The city or area in which you are based, e.g. Gloucester.

State/province: The area in which you are based, e.g. Gloucestershire.

Country/region: Select the two-letter country code for your organization from the drop-down list provided, e.g. GB, US or CA for Great Britain, United States of America or Canada respectively.

Quick tip: A full list of country codes is available in the appendix of this guide.

Step 6
Click Next to continue.

Step 7
Next, you are asked to choose cryptography options. Leave the default setting of Microsoft RSA SChannel Cryptographic Provider, but change the Bit length to 2048. Click Next to continue.

Step 8
Finally, provide a filename to which to save the certificate request. You will need to retrieve this file later, so make a note of the name and location.

Apache

To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated.

Note: Your SSL Certificate matches this key pair, so if you lose your public/private key file, or you need to re-generate your password, your SSL certificate will no longer work and a new one will need to be requested.

Generate a Key Pair

openssl is used to generate the key and CSR. This utility comes pre-installed on our dedicated and Virtual servers under /usr/local/ssl/bin.

Step 1
Type the following command at the prompt for an encrypted key:

    openssl genrsa -des3 -out www.mydomain.com.key 2048

This command generates a 2048 bit RSA private key and stores it in the file www.mydomain.com.key.

Step 2
When prompted for a pass phrase, enter a secure password and remember it. This pass phrase is what protects the private key. Both the private key and the certificate are required to enable SSL.

Generate the CSR

Step 1
Type the following command at the prompt:

    openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr

Step 2
This command will prompt for the following X.509 attributes of the certificate:

Country Name (C): Select the two-letter country code for your organization. A list of country codes can be found in the appendix of this guide.

State or Province (S): The area in which you are based, e.g. Gloucestershire.

Locality or City (L): The city or area in which you are based, e.g. Gloucester.

Organization (O): The Organization Name is your Full Legal Company or Personal Name. If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enrol. Example: Smith & Son would be Smith and Son.

Organizational Unit (OU): This field is optional. The Organizational Unit field is the name of the department or organization unit making the request.

Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.domain.com" or "domain.com". The Common Name must be the same as the Web address you will be accessing when connecting to your secure site. For example, an SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "shop.domain.com", as "www.domain.com" and "shop.domain.com" are different from "domain.com".

Don't enter your email address, challenge password or an optional company name when generating the CSR.

Your public/private key pair has now been created. The private key (www.mydomain.com.key) will be stored locally on the server machine and should be kept safe. The public key, in the form of a Certificate Signing Request (www.mydomain.com.csr), will be used in generating your certificate.

Step 3
Open the file in a text editor, such as Vi, and save it as a .txt file.

Quick tip: Use a text editor to copy and paste your CSR into the enrolment form. Word processors such as Microsoft Word can add formatting information into your text and cause your CSR to fail.

Step 4
Once the CSR has been created, proceed to Enrolment.

Backup your private key

It's good practice to make a backup of your .key file. While it is not essential that you keep a backup of this key and your pass phrase, it may be important in cases of server failure.

Plesk Onyx

Step 1
In the Plesk control panel, select Domains from the Hosting Services section within the left menu bar.

Step 2
Click on the domain you wish to add the certificate to.

Step 3
Select the SSL/TLS Certificates icon.

Step 4
Click on the Add SSL/TLS Certificate icon.

Step 5
Enter a Certificate Name to help you identify this certificate. In the example below we've named it after the domain name the certificate is for, to make it quickly and easily identifiable.

Step 6
Make sure you select 2048 from the Bits dropdown menu.

Step 7
You also need to enter your company address, the domain name the certificate will protect, and a valid email address. These details must be accurate as they will be used to generate your private key. After the details have been filled in click the Request button.


Step 8
You will be directed back to the SSL Certificates section. From here you will need to click on the certificate that has just been created.

Step 9
Copy the entire CSR part from where the text starts with -----BEGIN CERTIFICATE REQUEST----- to where it ends with -----END CERTIFICATE REQUEST----- and save this to a Notepad file.

Step 10
You will need to provide this to your chosen certificate authority (the company you are purchasing your SSL certificate from). They will then provide you with the certificate part to upload to Plesk.

Plesk 12

Step 1
Log in to Plesk on your server as the server administrator and click on Domains in the Hosting Services menu.

Step 2
Click on the Open in Control Panel link next to the domain name you want to add the SSL certificate to.

Step 3
Click the Show More button at the bottom of the Websites & Domains section.

Step 4
Click on the Secure Your Sites icon.

Step 5
Click the Add SSL Certificate icon.

Step 6
Enter a Certificate Name to help you identify this certificate. In the example below we've named it after the domain name the certificate is for, to make it quickly and easily identifiable.

Step 7
You also need to enter your company address, the domain name the certificate will protect, and a valid email address. These details must be accurate as they will be used to generate your private key. Click the Request button when you've entered the information. You'll see a confirmation message that the certificate has been created.

Step 8
Locate the newly created certificate in the list and click on it to see its properties. Scroll down and find the CSR section. Copy all the text that starts with:

-----BEGIN CERTIFICATE REQUEST-----

and ends with

-----END CERTIFICATE REQUEST-----

Step 9
Visit the web site of your chosen certificate authority and follow their procedures to purchase your certificate. When prompted, paste the CSR text you copied in the previous step into their online form. They will then generate your certificate. Save the generated certificate file to your local machine.

WHM

Step 1
Log in to WHM as an Administrator and select Generate an SSL Certificate and Signing Request from the SSL/TLS section of the left menu.

Step 2
In the Contact Information section you can choose to have the certificate parts emailed to you. To do so, check the box labelled When complete, email me the certificate, key and CSR and enter your email address into the Email Address field.

Step 3
Select a key size value from the Key Size drop-down menu. 2,048 bits is recommended.

Step 4
Fill out the CSR form using the fields provided.

Domains: Enter the domain name that you want to add SSL to.
City: Enter the City that the domain's registrant details contain.
State: Enter the State or County that the domain's registrant details contain.
Country: Select the domain registrant's country from the dropdown menu.
Company Name: Enter your company name.
Company Division: Enter the division within your company.
Email: Enter the domain registrant's email address.
Passphrase: Enter a passphrase (optional).

Once finished, click the Create button to generate the CSR.

Step 5
Copy the entire Encoded Certificate Signing Request from the start of the line reading:

-----BEGIN CERTIFICATE REQUEST-----

To the end of the line reading:

-----END CERTIFICATE REQUEST-----

Paste this into a Notepad file for safe keeping.

cPanel

Step 1
Log in to cPanel, scroll down to the Security section and click the SSL/TLS Manager icon.

Step 2
Click the link Generate, view or delete SSL certificate signing requests.

Step 3
Fill out the CSR form using the fields provided.

Key: Leave this field set at Generate a new 2,048 bit key.
Domains: Enter the domain name that you want to add SSL to.
City: Enter the City that the domain's registrant details contain.
State: Enter the State or County that the domain's registrant details contain.
Country: Select the domain registrant's country from the dropdown menu.
Company: Enter your company name.
Company Division: Enter the division within your company.
Email: Enter the domain registrant's email address.
Passphrase: Enter a passphrase (optional).
Description: Enter a description (optional).

Step 4
Copy the entire Encoded Certificate Signing Request from the start of the line reading:

-----BEGIN CERTIFICATE REQUEST-----

To the end of the line reading:

-----END CERTIFICATE REQUEST-----

Paste this into a Notepad file for safe keeping.

Step 5
You will need to provide this to your chosen certificate authority (the company you are purchasing your SSL certificate from). They will then provide you with the certificate part to upload to cPanel. Paste this into a Notepad file for safe keeping.
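
Whichever tool produced it, a CSR can be checked before it is pasted into the certificate authority's enrolment form. The script below is an added example, not part of the original guide: it runs the two OpenSSL commands from the Apache section without prompts, then checks the request's self-signature, key size and Common Name, and that it belongs to the private key. The function names, the pass-phrase file and the subject values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Subject values, function names
# and the pass-phrase file are constructed for illustration.
set -eu
umask 077   # key, CSR and pass-phrase files readable by the owner only

# make_csr <host> <passfile> <outdir>: encrypted 2048-bit key plus CSR, no prompts.
make_csr() {
    openssl genrsa -des3 -passout "file:$2" -out "$3/$1.key" 2048 2>/dev/null
    openssl req -new -key "$3/$1.key" -passin "file:$2" \
        -subj "/C=GB/ST=Gloucestershire/L=Gloucester/O=Smith and Son/CN=$1" \
        -out "$3/$1.csr"
}

# csr_cn <csr>: print the Common Name held in the request.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# csr_bits <csr>: print the public key length in bits.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_matches_key <csr> <key> <passfile>: succeed if both hold the same public key.
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# csr_check <csr> <host>: print "ok" only if the request parses, its
# self-signature verifies, the key is at least 2048 bits and CN equals <host>.
csr_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "unreadable CSR or bad self-signature"; return 1; }
    [ "$(csr_bits "$1")" -ge 2048 ] 2>/dev/null ||
        { echo "key shorter than 2048 bits"; return 1; }
    [ "$(csr_cn "$1")" = "$2" ] ||
        { echo "Common Name is not $2"; return 1; }
    echo ok
}

work=$(mktemp -d)
printf '%s\n' 'constructed-pass-phrase' > "$work/pass"   # sample value only
make_csr www.mydomain.com "$work/pass" "$work"
csr_check "$work/www.mydomain.com.csr" www.mydomain.com
csr_matches_key "$work/www.mydomain.com.csr" "$work/www.mydomain.com.key" \
    "$work/pass" && echo "CSR belongs to this private key"
# The same request does not cover the bare domain, as the Quick tip warns.
csr_check "$work/www.mydomain.com.csr" mydomain.com || true
rm -rf "$work"
```

csr_check also works on a CSR copied out of IIS, Plesk, WHM or cPanel and saved to a text file; a block damaged by a word processor fails at the first test.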