To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match and a replacement has to be made.
Generate a Private Key and CSR
NOTE: A key length of 1024 bit is the default, but Geotrust recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
- Create a directory called ‘C:\test’.
- Launch “OpenSSL”.
- Enter the following command to create a private key. genrsa -des3 -out c:\test\key.pem 2048
- Enter in a passphrase to protect the key (at least six characters).
- Enter the following command to create a certificate request: req –new –key c:\test\key.pem –out c:\test\req.pem –config openssl_config.txt
- Enter in all the required fields for the certificate you want to generate.
- You have just created a key pair and a CSR.
- To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
- Copy and paste the CSR into the enrollment pages.