sslsd-logo

CSR Generation Instructions (All Systems)

A Certificate Signing Request or CSR is a specially formatted underdeveloped public key  that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue a SSL Certificate.

Creation of a CSR also means you are creating your private key. The private key will always be left on the system or application where the CSR is generated. The Private key will be required later for installation.

If you do not see your server listed Perform a search or you may have to contact your server vender or hosting provider for best practices on how to generate a CSR on your system.

A CSR must contain the Following information:

  • Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
  • State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Massachusetts
  • Locality or City: The Locality field is the city or town name, for example: Boston. Do not abbreviate. For example: Saint Louis, not St. Louis
  • Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
  • Organizational Unit: The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter on the keyboard.
  • Common Name: The fully-qualified domain name, or URL, you’re securing. for example “www.domain.com”. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.domain.com.

Note: You might be prompted on some server systems or applications to associate a password for your CSR. Leave this blank or bypass it by pressing Enter depending on the system. Associating a password with your CSR will encrypt it and will cause issues with enrollment. If this happens you will have to regenerate another CSR without a password.


CSR Generation Instructions (All Systems)
If you are looking for a simpler way to create CSRs, and install and manage your SSL Certificates, we recommend using the DigiCert Certificate Utility for Windows. You can use the DigiCert Utility to generate your CSR and Configure your SSL Certificate Keypair. You can then export your SSL Certificate from the utility in either a pfx for pem Apache applicable format and import it into the systems that require your SSL Certificate.

Digicert Certificate Utility – SSL Certificate (Guide)


To check the information of your CSR visit the SSL Tools CSR Checker.


Instructions for server vendors:


A:
Apache (OpenSSL, Nginx, ModSSL)

Apple Mac OS X 10.6
Apple Mac OS x 10.11

Aruba ClearPass


B:
Barracuda SSL VPN


C:
Checkpoint VPN

Citrix Netscaler VPX

Cisco ASA 5510
Cisco Wireless LAN Controller

cPanel


F:
F5 BIG IP
F5 FirePass

FileMaker 15

FortiGate


I:
IBM AS/400 iSeries
IBM WebSphere


J:
Juniper

JBoss Http

JBoss Tomcat


K:
Kemp 6.x

Keytool


M:
Microsoft Azure

Microsoft Active Directory LDAP

Microsoft Exchange 2010
Microsoft Exchange 2013

Microsoft Forefront

Microsoft Server 2003 – IIS 6

Microsoft Server 2008 – IIS 7 & 7.5
Microsoft Server 2012 – IIS 8 & 8.5

Microsoft Lync

Microsoft Office 365

Microsoft Sharepoint 2010
Microsoft Sharepoint 2013

Mitel MiCollab MSL


O:
Oracle Wallet Manager


P:
Plesk 11.x
Plesk 12

Portecle


S:
SonicWall VPN
SonicWall NSA

SAP Web Application Server

SRT Titain FTP


T:
Tomcat


W:
Web Host Manager (WHM)


Z:
Zimbra

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »