Reasons for importing keys include wanting to make a backup of a private key (generated keys are non-exportable, for security reasons), or if the private key is provided by an external source. This document will guide you through using the OpenSSL command line tool to generate a key pair which you can then import into a YubiKey.
In this guide, we will specifically address the process of obtaining a Certificate Signing Request for Apache + Mod SSL + OpenSSL servers. Here we have included the easy and quick steps of CSR generation from the major Certificate Authorities (CAs) on the web. In order to create a CSR user need two types of keys known as private and public keys.
Example: SSL Certificate - Generate a Key and CSR. Version: 2020.1. Important: This example is intended to provide general guidance to IT professionals who are experienced with SSL requirements and configuration. The procedure described in this article is just one of many available methods you can use to generate the required files.
These instructions are suitable for OpenSSL 0.98 and higher.
Preamble
ECC certificates can have compatibility issues with servers and browsers (see Technical limitation of ECC certificates). Before placing an order for such a certificate, you should test them. To do so, use our Generator of self-signed certificate. Select ECC option and get your certificate in a matter of minutes!
In order to gain some time, you can now generate your command line with our CSR creation assistant tool. Just copy/paste to finalize!
1- Generate the private key
Connect under root and access the setup directory of your Apache server. It is often:
We'll place our working files here but you can choose an other repertory.
Choose a file's name that fits you and generate the key with the following command:
If you want this key to be protected by a password (that will be requested any time you'll restart Apache):
Make a backup copy of the .key file!
Protect your file with:
2- Create your certificate request (CSR)
Use this command to generate the CSR:
The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate Country Name (2 letter code) []: (FR in France for example) State or Province Name (full name) [Some-State]: (your state or province name, name of your département in France) Locality Name (eg, city) []: (the name of your city) Organization Name (eg, company) []: (your organization name) Organizational Unit Name (eg, section) []: (do not fill - advised - or enter a generic term such as 'IT Department'.) Common Name (eg, YOUR name) []: (the name of the website to be secured) Email Address []: (let blank)
Do not fill in fields such as: 'A challenge password' or 'An optional company name'
3- Finalize the order process
Use the appropriate link to place your order on our website. See Access an order form.
Copy/paste the content of the www.example.com.csr file in the form. The system will automatically detect the format of the CSR to issue an ECC certificate.
Useful links
Generate your command line with our CSR creation assistant tool.
You should have SSH access to server and root level access to create CSR key and private key. You can follow the same process to create CSR key for single domain SSL, single sub-domain SSL and wildcard SSL certificates.
Step1: You can use putty to connect apache server SSH and login as root Step2: Type below command on prompt
This command will create two files Private Key and CSR Key called Certificate Signing Request. You should keep copy of private key and use CSR key to complete SSL configuration process.
You will be prompted to enter below information:
Wildcard 256 Generate Key Openssl Free
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
(Here you should enter the correct domain name. SSL certificate will be issued for the same name. If you’ve purchased wildcard SSL, you enter common name like *.yourdomain.com)
Generate Certificate Private Key Openssl
Email Address []:
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []: DO NOT USE PASSWORD
An optional company name []:
You’ve successfully generated CSR key. Use text editor to copy key file and submit to SSL configuration form.