重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥，如果您丢了私钥或忘了私钥密码，则颁发证书给您后不能安装成功！您必须重新生成私钥和CSR文件，免费重新颁发新的证书。为了避免此情况的发生，请在生成CSR后一定要备份私钥文件和记住私钥密码，最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate a CSR in Covalent follow the instructions below:

1. Start the Covalent SSL Certificate and Key Management Tool in the /path/to/ssl1.6/bin directory.

For the graphical interface, execute: ./sslctl

For the text interface, execute: ./sslctl --textmode

2. Select Generate Certificate and Key from the options that display.

The main Generate Certificate and Key screen displays.

To continue, select Next.

3. In the Server Name screen, enter the name of the server you want to certify. The name you enter is the basis for the key and certificate file names. After you enter the server name, select Next to continue:

4. In the Key Size screen, select the size of your private key. A key size of 1024 bits is recommended. After you define the size you want, select Next to continue:

5. The Pass Phrase screen displays. Enter and confirm the pass phrase for your private key, then select Next to continue:

6. In the Certificate Information screen, define the information for your certificate. This information identifies your organization and site.

Common Name The name of your Web server as it appears in the server's URL (e.g., www.covalent.net). This name must be identical to the fully-qualified domain name of the Web server.

Organization Name This organization must own the domain name that appears in the Common Name. Do not abbreviate.

Organization Unit Name Usually the name of the department or group using the certificate.

Locality Name Usually the name of the city of your organization's home office.

State or Province Name This is the name of the state or province of your organization's head office. Do not abbreviate.

Country Name The two-letter ISO abbreviation for your country.

Email Address The e-mail address of your technical contact person.

After you define the information, select Next to continue:

7. Covalent SSL uses random data to generate your key. This process may take some time:\

8. After Covalent SSL generates the key, the Success screen displays.

Select Finish to return to the main Covalent SSL Certificate and Key Management Tool screen, then select Exit:

9. Modify the Apache configuration file if necessary.

If you are securing the main server and using the included httpsd.conf, the file is configured correctly by default. No modifications are necessary.

If you are securing an additional virtual host, you must include two <VirtualHost> containers for the secure site in the configuration file:

Include a virtual host for HTTP requests listening on port 80.

Include an SSL virtual host for HTTPS requests listening on port 443. The HTTPS virtual host must use an IP-based address and should include the SSLCertificateFile and SSLCertificateKeyFile directives.

This information was obtained from the following Covalent document: https://www.covalent.net/support/docs/ssl/1.6.0/userguide/html/contents.php

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后，建议您自己测试一下生成的CSR文件是否正确，请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器，等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.