Low Cost, High Assurance,
SSL Certificates
You are here : SSL Certificate Home > CSR for Apache SSL
SSL Support Home
- SSL Browser Compatibility
- Free Security Guides
- EPKI Support
- Email Certificate Support
- Content Verification Seal Support
- SSL FAQs & Solutions
SSL Application Stages:
- 1. Buy a Certificate now
- 2. Creating a CSR
- 3. Doc Requirements
- 4. Installing a Certificate
- 5. Display Site Seal
TrustLogo
Generating a Certificate Signing Request (CSR) using Apache Mod_SSL/OpenSSL
A CSR is a file containing your certificate application information, including your Public Key.
Certificate Auto-Requester:
Comodo provides a useful tool to automatically create a public/private key pair on your local machine and then use this key pair to generate a CSR and automatically submit it to Comodo over a secure SSL connection to create your certificate for Apache.Click here for the Certificate Auto-Requester
Or generate keys and certificate manually:
To generate a pair of private key and public Certificate Signing Request (CSR) for a web server, "server", use the following command :
openssl req -new -nodes -keyout myserver.key -out server.csr
This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into
your CSR
What you are about to enter is what is called a Distinguished Name or
a DN.
For some fields there will be a default value, If you enter '.', the field
will be left blank.
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
Use the name of the web server as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name
and challenge password can be left blank for a web server certificate (Apache SSL).
Your CSR will now have been created. Open the server.csr
in a text editor and copy and paste the contents into the online enrollment
form when requested.
