首页>技术支持>SSL证书请求文件(CSR)生成指南 - 4D Webstar Server Suite

SSL证书请求文件(CSR)生成指南 - 4D Webstar Server Suite

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

4D WebSTAR Server Suite / SSL Key and CSR Generation

Thawte's uses X.509 version 3 certificates, which are not supported by 4D WebSTAR Server Suite / SSL versions 2.x, and 3.x. 4D WebSTAR Server Suite / SSL 4.x does support these certificates, and works fine.

Generate a Key Pair

Use the 4D WebSTAR Server Suite Key Generator application that comes with your 4D WebSTAR Server Suite/SSL server to generate a key file containing a public/private key pair for use with your secure server.

Follow these steps:

1. Launch the Key Generator application by double clicking its icon.
2. Enter a password to protect the use of your key pair. 4D WebSTAR Server Suite will ask for this password when you initially launch the server.
Do not forget this password! You'll need it later to authorize 4D WebSTAR Server Suite to use your public/private key pair. We recommend that you write it down and store it in a safe place.
If you lose the password, you will have to purchase a new Digital ID.
3. Click the Create Key button to generate your public/private key pair.
Generating a key can take a few minutes.
4. The Public/Private Key file is stored in an encrypted file.
The file must be named "Public/Private Key" and must be stored in the same folder as the 4D WebSTAR Server Suite server.
5. If necessary, move the Public/Private Key file to the 4D WebSTAR Server Suite folder.

GENERATE A CSR

Use the Certificate Request application to enter the Certificate Signing Request information for your site.
A Certificate Signing Request includes identifiers such as the name of your organization, department within the organization, and where the organization is located.
It also includes the public key for your site.

Your Certificate Signing Request may be rejected if the information is not properly formatted. Be sure to closely follow the conventions outlined in the instructions.
If any of the information is improperly formatted,
Thawte will ask you to correct it and send the request again.

The Certificate Signing Request process requires that you supply an email address and certain identifying information. All the fields are required.
Please do not leave out a field as this results in a CSR which cannot be processed by Thawte. The required fields are:

Common Name (CN): the server's fully qualified host name (such as: hostname.foo.com)
Organization (O): legal, registered organization name
Organizational Unit (OU): optional department name
Locality (L): city the organization resides or is registered in
State or Province (ST): unabbreviated state/province name
Country (C): two-character country code

Follow these steps:

1. Launch the Certificate Request application by double clicking its icon.

2. Type the name of your Web site in the Common Name field, for example: www.foo.com

Make sure that the Common Name you specify will be the actual domain name of your 4D WebSTAR Server - it will be encoded into the server certificate and cannot be changed later without purchasing a new certificate.
Furthermore, this domain name must be the main A name entry for your machine - your certificate will not work if you use an IP address or if the domain name is a CNAME entry (DNS alias), for example.
Contact your network administrator for guidance, if need be.

3. Type the name of your organization in the Organization field, for example:
Foo Corporation

4. Type the name of the department or other organization unit in the Org Unit field (this is compulsory - the CSR will not be accepted without it), for example:
Support

5. Type the name of the city or town in which your organization is located in the Locality field, for example:
San Jose

6. Type the name of the state or province in which the organization is located in the State/Province field, for example:
California

Do not abbreviate the state or province name, spell it out as shown immediately above.

7. Type a two-letter code for the country in which you are located in the Country Code field, for example: CN

Do not spell out the country name, use a 2-letter code. The code for China is CN.

For Canada, the code is CA. For international DID country codes, check here: http://www.starnine.com/webstarssl/countrycodes.html .

8. Type the email address of the site's Webmaster in the email Address field, for example:
webmaster@foo.com

9. In the Phone Number field, type a phone number where Thawte can reach you. Type your fax number in the FAX Number field.
The email Address, Phone Number, and FAX Number fields are not part of the certificate. Thawte uses these fields to contact you if it finds a problem with the certificate request.

10. Click Select Key File and select the Public/Private Key File you created.

11. Enter the password required to access your public/private key pair (the password you entered when generating the key pair, as described in "Generate a Public/Private Key" on page 24).

12. Click the Create button to generate your encrypted certificate request form.

The application creates a file named "Certificate Request" and then quits.

See the 4D WebSTAR Server Suite Installation Guide for further information about installing and setting up your 4D WebSTAR Server.

http://www.webstar.com/Products/webstar/docs/ws4manual.40.html#58917

 

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.