WoSign,making the internet more secure and trusted!

Certificate Signing Request (CSR) Generation Instructions

When generate your certificate signing request file, it is important to read the documentation provided by your software vendor. They are the experts when it comes to using your software with WoSign SSL certificates.

Apache-SSL / Apache ModSSL * Netscape Commerce
Apache Mod_SSL on MAC OS X * Netscape Enterprise 3.x
BEA web logic Oracle Wallet Manager*
  Oracle Web Server (OAS 4.0.8)*
C Orion Web Server
Citrix Secure Gateway 1.0 O'Reilly Website Professional
Citrix Secure Gateway 1.1  
CNT Web Integrator P
Cobalt Raq* PowerWeb Servers
Covalent server products*  
I Qpopper
IBM ICSS* Quid Pro Quo Secure
Infinite InterChange R
Infinite WebMail Raven SSL*
Innosoft PMDF-TLS* Raven SSL CTL Interface*
iPlanet 4.x RedHat Linux*
iPlanet 6.x Roxen*
IFactory Commerce Builder Resin
J2EE Application Server Sambar
Java Web Server Silverstream
Jetty Java HTTP Servlet Web Server Stronghold
  SSLeay-based Servers
L SyBase EAServer
Lotus Domino Go  
Lotus Notes Domino T
  Tenon WebTen
M Tomcat
Microsoft IIS 5 W
Microsoft IIS 6 WebSite Professional 2.x
  4D WebSTAR Server Suite/SSL *
Z WSFTP FTP application

Before you start

Before you can begin the process of obtaining a Certificate, you must generate a Private Key and CSR pair off the web server.

A CSR is basically a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Certificate from WoSign.

The Public Key, also known as a Certificate Signing Request (CSR), is the key that will be sent to WoSign. The Private Key will remain on the server and should never be released into the public. WoSign does not have access to your Private Key. It is generated locally on your server and is never transmitted to WoSign. The integrity of your certificate depends on your private key being controlled exclusively by you.

A CSR cannot be generated without generating a Private Key file nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.

Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR pair off the web server:


If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name in this field. If you enter mydomain.com then the Certificate issued to you will only work error free on that exact domain name. It will cause an error when you or your users access the domain name as www.mydomain.com .

The term "common name" is X.509 speak for the name that distinguishes the Certificate best, and ties it to your Organization. In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.

Note about Certificate Renewals

Usually, before you can renew a Certificate, a new Key/CSR pair will have to be generated off the server, the Key must then be backed up and then the newly created CSR has to be submitted through the renewal process.

But, when renewing a Certificate requested for any of the Server Software Platforms listed in the thawte knowledge base solution below, you will not need to submit a new or renewal CSR in order to get your renewal Certificate. It will use your old CSR for your renewal Certificate. This means that the renewal Certificate, once issued, will only work on the Private Key file that was originally used to create the CSR, which was originally submitted to WoSign.