Checkpoint VPN – CSR Generation & SSL Installation Guide.

Checkpoint is a unique VPN gateway appliance. Typically CSR generation and SSL Installation are independent from one another, but Checkpoint desires to have both Root and Intermediate CA installed on the system before CSR generation can occur. So up front you will have to ask or consult your CA vender for these two certificate files before you generate your CSR for the enrollment of a SSL/TLS Certificate. Checkpoint is an apache based system so you will need x509/pem versions of your Root, Intermediate, and SSL Certificate. To prepare your Checkpoint VPN, Generate a CSR, and install your SSL Certificate on Checkpoint perform the steps below: Step 1: Creating your Intermediate/Root CA certificates: Getting your Root and Intermediate CA will vary […]

Read More

Mitel MiCollab MSL Server- CSR Instructions

To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated. Mitel’s Micollab server system is an apache based system and uses x509 format certificates. When generating a CSR on a Mitel MiCollab Server the private key will be secretly stored in a hidden directory the server system utilizes. To generate a CSR on Mitel Micollab Server perform the following. Step 1: Generating your CSR public/private keypair: Log into the Micollab Server Manager. Under Security, click Web Server. Click the Web Server Certificate Tab. Scroll down to Using other third-party certificate authority. Select Generate a new Certificate Signing Request (CSR). […]

Read More

Keystore .jks Keytool – CSR Generation & SSL Installation Guide.

To generate a Certificate Signing Request (CSR) you will first need to create a keystore for your Oracle system. Oracle systems such as Tomcat or Web Logic use keystores for its certificate web server configurations. If you lose your keystore file or your password to access it your SSL Certificate will no longer match and you will need to replace the certificate. Note: Keystores created from an Oracle Keytool or Tomcat type environment can be heavily customized. Below are generalized instructions. The naming conventions of the files and alias names used can be specified to fit your own environment.  You will need to adjust these instructions appropriately. If you do not want to be thrown back into the stone age doing command line of a Keystore using keytool… […]

Read More

Citrix Netscaler VPX (10) Loadbalancer- CSR Instructions

To generate a Certificate Signing Request (CSR) for Citrix Netscaler, a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated. Like all key pairs the private key once created will remain on the system where the CSR is made. The CSR public key is what you will submit to a Certificate Authority (CA) to get the public key signed. To generate a CSR on Citrix Netscaler 10 & 10.5 perform the following. Step 1: Generating your private key: Log on to the NetScaler appliance. Under the Configuration tab select SSL in the navigation pane. Under SSL Keys click Create RSA key. Under Key Filename* specify […]

Read More

SonicWALL Network Security Appliance (NSA) – CSR Instructions

SonicWALL Network Security Appliance (NSA) is a unique server system that uses pem files similar to Apache. As far as Apache “Type” systems go, this one is impressively easy to work with. To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated. Like all key pairs the private key once created will remain on the system where the CSR is made. The CSR public key is what you will submit to a Certificate Authority (CA) to get the public key signed. To generate a CSR on SonicWALL NSA perform the following. Step 1: Creating your CSR request: Log into your […]

Read More

Cisco Wireless LAN Controller (WLC) – SSL Guide

Cisco Wireless Lan Controller (WLC) is a very complex system with unconventional implementation of its keypairs for encryption. CSR creation and certificate installation may vary as your custom environment system may differ. Below are generalized instructions. The utility “Openssl” is used to generate the key and CSR and used to perform conversions. This utility comes with the Openssl package and is usually installed under /usr/local/ssl/bin. If you have a custom installation, you will need to adjust these instructions appropriately. To generate a CSR and Install your SSL/TLS certificate after it has been issued on a Cisco WLC perform the following. Step 1: Generating your private key pair: On the Apache system type using Open SSL perform the following command at the prompt. Note: […]

Read More

CSR Generation Instructions (All Systems)

A Certificate Signing Request or CSR is a specially formatted underdeveloped public key  that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue a SSL Certificate. Creation of a CSR also means you are creating your private key. The private key will always be left on the system or application where the CSR is generated. The Private key will be required later for installation. If you do not see your server listed Perform a search or you may have to contact your server vender or hosting provider for best practices on how to generate a CSR on your system. […]

Read More

Server 2003 IIS 6 – CSR Instructions

To generate a Certificate Signing Request (CSR) for Server 2003 – IIS 6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made. Note: All certificates issued by a Certificate Authority must be SHA2/SHA256 algorithm due to industry standards by governing entities. IIS 6 Server 2003, has been known to not understand this Algorithm.  Installing a SHA2 certificate on your outdated system may not work. You may have to contact Microsoft […]

Read More

Server 2003 IIS 6 – CSR Instructions for Renewals

To generate a Certificate Signing Request (CSR) for Server 2003 – IIS 6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made. Note: All certificates issued by a Certificate Authority must be SHA2/SHA256 algorithm due to industry standards by governing entities. IIS 6 Server 2003, has been known to not understand this Algorithm.  Installing a SHA2 certificate on your outdated system may not work. You may have to contact Microsoft […]

Read More

Server 2003 IIS 6 – CSR/Install Instructions for Renewals without removing the existing certificate

Issue Condition: To generate a new CSR without removing the current certificate, a Temporary Dummy website can be created. This workaround will apply for Microsoft IIS 6 server 2003 that currently have certificates installed on their website, but a new CSR with a new key-bit length or different information in the Distinguished Name needs to be created. Creating a temporary website allows you to keep the current certificate active on the site while another certificate request is pending. After installing the certificate on the temporary web site, it can be applied to the production web site. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system and […]

Read More