SSL 247 are authorised strategic resellers of Verisign,GlobalSign, Geotrust and RapidSSL products

Apache + SSLeay

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit that can be generated into a SSL Security Certificate.

OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.

Install OpenSSL, if not found on your server.

Create a RSA key for your Apache server:
cd /apacheserverroot/conf/ssl.key (ssl.key is the default key directory.)

If you have a different path, cd to your server’s private key directory

Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver: Warning: If you lose or forget the passphrase, you must purchase another certificate.

openssl genrsa -des3 -out domainname.key 1024

You could also create a private key without file encryption:

openssl genrsa -out domainname.key 1024

Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key

Type the following command to create a CSR with the RSA private key (output will be PEM format):

openssl req -new -key domainname.key -out domainname.csr

* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

Distinguished Name Fields	Explanation	Example
Country Name	The two-letter ISO abbreviation for your country. Please click here for the complete list of ISO country codes.	US = United States GB = United Kingdom
State or Province Name	The state or province where your organization is located. Can not be abbreviated.	Georgia
City or Locality	The city where your organization is located.	Atlanta
Company (Organization) Name	The exact legal name of your organization. Do not abbreviate your organization name.	My Company, Inc
Organizational Unit	Optional for additional organizational information.	Marketing
Common Name (Server Host Name)	The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match.	If you intend to secure the URL https://secure.mydomain.com, then your CSR's Server Hostname must be secure.mydomain.com
Server Administration email address (if applicable)	Your email address	abc@mydomain.com

Do not enter extra attributes at the prompt.

Warning: Leave the challenge password blank (press enter)

Note: If you would like to verify the contents of the CSR, use the following command:

openssl req -noout -text -in domainname.csr

You are now ready to submit your CSR for the certificate you wish to install:

• FreeSSL
• RapidSSL™
• RapidSSL Pro™
• RapidSSL Pro Wildcard™
• GeoTrust QuickSSL Premium™
• Geotrust True BusinessID®
• Geotrust True BusinessID® Wildcard
• GeoTrust PowerServer ID™
• GlobalSign Domain ServerSign™
• GlobalSign Domain ServerSign™ Wildcard
• GlobalSign Extended ServerSign™
• GlobalSign Organization ServerSign™
• GlobalSign Organization ServerSign™ with IP
• GlobalSign Organization ServerSign™ Wildcard
• GlobalSign Organization ServerSign™ with SAN
• VeriSign Secure Site
• VeriSign Secure Site Pro
• VeriSign Secure Site Pro with EV

Create a backup of your private key!

Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must purchase a new certificate.

* The private key file should begin with (when using a text editor)

-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

To view the contents of the private key, use the following command:

openssl rsa -noout -text -in domainname.key