SSL证书请求文件(CSR)生成指南 - Silverstream webserver
重要注意事项 An Important Note Before You Start
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
For instructions on how to generate a private key and CSR for Silverstream
1. Run the SilverStream AgDigitalIDStep1 program to generate a CSR and private key (PKCS8 password protected).
2. Goto a CA and submit the CSR.
3. Get the X.509 Certificate in Base64 encoded format from the CA
4. Run the SilverStream AgDigitalIDStep2 program to upload the Certificate and the private key to SilverServer.
5. Restart SilverServer to make SSL port active.
There is a configuration (httpd.props) setting that will allow you to change which CN (certificate domain name) the server will look for. You are allowed multiple certificates (with different CN) to be uploaded to the server, since they are stored in the master dB that all servers in a SilverStream Cluster use. Each server will then use the CN that matches it.
Generating a CSR using Novel Silverstream
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:
Generate keys and Certificate Signing Request:
Start the SMC and select the Security icon from the toolbar
Select the RSA tab
Choose Generate Request
Complete the items on the panel
The Server DNS Name field should be the Fully Qualified Name (FQDN) or the web address for which you plan to use your Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an SSL Certificate issued for domain.com will not be valid for secure.domain.com . If the web address to be used for SSL is secure.domain.com , ensure that the common name submitted in the CSR is secure.domain.com .
The following panel allows you to specify the size of the key pair to generate - Select 1024 and click Next
If prompted, specify the size of the key pair to generate
The following panel shows the paths for the CSR (Certificate Signing Request). You may edit these paths if you choose. You will use this information later when installing the certificate
You may click Copy CSR to Clipboard to copy the contents of the CSR and paste into our web form
测试CSR和把CSR发给WoSign, Start the certificate request process
生成CSR后，建议您自己测试一下生成的CSR文件是否正确，请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器，等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.