To generate a CSR, you will need to create a key pair for your server.
Generate a Key Pair
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyondDecember 31, 2013, the 2048 bit key length will need to be selected.
1. Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey script displays the filenames and locations of the key file and CSR file it will generate:
Key file: /usr/local/www/sslhostname.key
CSR file: /usr/local/www/sslhostname.cert
Note: If you already have a key for your server, run genreq [servername] to generate only the CSR.
2. Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
3. When prompted, enter a key size in bits. We recommend using the largest key size available: 2048 bits.
4. When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data to create a unique public and private key pair.
5. When prompted, enter y to create the key pair and CSR.
6. Select Geotrust as your CA.
7. Enter all of the information requested and press Enter. Back up your key file and CSR on a floppy disk and store the disk in a secure location. If you lose your private key or forget the password, you will not be able to install your Secure Server ID and will need to request and purchase a new one from Geotrust.
You have just created a key pair and a CSR.
8. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
9. Copy and past the CSR into the enrollment pages.