WoSign,making the internet more secure and trusted!
home>Support>CSR Generation Instruction - SSLeay

CSR Generation Instruction - SSLeay

An Important Note Before You Start

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

SSLeay Key and CSR Generation

More and more secure web servers and value-added cryptographic applications are using the SSLeay free cryptographic toolkit, which includes a variety of libraries and utilities to manage secure sockets and public key cryptography.

SSLeay can be found at ftp://psych.uq.edu.au/pub/Crypto/SSL/ .

These servers by and large use the same key and certificate format, and generate Certificate Signing Requests (CSR's) that are compatible with the Thawte Certification System.

Examples are Sioux, Stronghold, ApacheSSL, Alibaba (which is linked against a very old version of SSLeay) and secure versions of WN.

In all of these servers you can use the following procedure to generate your CSR:

Locate ssleay

These instructions assume that SSLeay is installed, and that you have the executable ssleay in your PATH.

They also assume that you are using version 0.8.1 or later... ssleay version will tell you which version you are using.

Generate your key:

ssleay genrsa -des3 1024 > www.myserver.com.key

This command sequence will generate a private key and store it in the file www.myserver.com.key . It will ask you for a pass phrase: use something secure and remember it.

Your certificate will be useless without the key.

If you don't want to protect your key with a pass phrase (only if you absolutely trust that server, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option.

Generate your CSR:

ssleay req -new -key www.myserver.com.key > www.myserver.com.csr

This command sequence will prompt you for the attributes of your certificate.

You will now have a private key in www.myserver.com.key and a CSR in www.myserver.com.csr .

Paste the CSR into our forms, and hold on to your key. You will need the key to operate your secure server when we issue your certificate.

Start the certificate request process

To submit the CSR to WoSign for processing you should start the certificate enrollment process.