首页>技术支持>SSL证书请求文件(CSR)生成指南 - Silverstream webserver

SSL证书请求文件(CSR)生成指南 - Silverstream webserver

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

For instructions on how to generate a private key and CSR for Silverstream

1. Run the SilverStream AgDigitalIDStep1 program to generate a CSR and private key (PKCS8 password protected).

2. Goto a CA and submit the CSR.

3. Get the X.509 Certificate in Base64 encoded format from the CA

4. Run the SilverStream AgDigitalIDStep2 program to upload the Certificate and the private key to SilverServer.

5. Restart SilverServer to make SSL port active.

There is a configuration (httpd.props) setting that will allow you to change which CN (certificate domain name) the server will look for. You are allowed multiple certificates (with different CN) to be uploaded to the server, since they are stored in the master dB that all servers in a SilverStream Cluster use. Each server will then use the CN that matches it.

Generating a CSR using Novel Silverstream

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:

Generate keys and Certificate Signing Request:

Start the SMC and select the Security icon from the toolbar

Select Certificates

Select the RSA tab

Choose Generate Request

Complete the items on the panel

The Server DNS Name field should be the Fully Qualified Name (FQDN) or the web address for which you plan to use your Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an SSL Certificate issued for domain.com will not be valid for secure.domain.com . If the web address to be used for SSL is secure.domain.com , ensure that the common name submitted in the CSR is secure.domain.com .

Click Next

The following panel allows you to specify the size of the key pair to generate - Select 1024 and click Next

If prompted, specify the size of the key pair to generate

Click Next

The following panel shows the paths for the CSR (Certificate Signing Request). You may edit these paths if you choose. You will use this information later when installing the certificate

Click Next

You may click Copy CSR to Clipboard to copy the contents of the CSR and paste into our web form

Click Finish

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.