Prerequisites:


1. OPEN SSL should be installed/available on the machine where Apache Web server is installed and a private key needs to be generated.

2. OPEN SSL binaries can be downloaded from the following website if not already installed.

https://wiki.openssl.org/index.php/Binaries

3. Private key is required for generating a CSR. Click here for steps to create a private key.


Steps to be followed to generate CSR for Apache webserver:


1. Enter the following command to generate a CSR (SHA256) from the private key.


openssl req -out subdomain.domain.com.csr -key subdomain.domain.com.key -new -sha256




If you encounter the above error, add "-config" switch to the existing command and specify the openssl.cnf path. Move to step 2.



2. Generate CSR with -config switch.


openssl req -out subdomain.domain.com.csr -key subdomain.domain.com.key -new -sha256 -config "C:\Apache24\conf\openssl.cnf"



3. Verify the CSR if it is generated correctly by using the following command.

openssl req -in subdomain.domain.com.csr -config "C:\Apache24\conf\openssl.cnf" -noout -text


Look for the following line in the command output "Signature Algorithm: sha256WithRSAEncryption" to verify if the CSR has the correct signature.




Or you can go to the following website and verify the CSR.


CSR file can be opened in a notepad.


https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp


4. Share the CSR with the SSL vendor to get the SSL certificate.


Steps to be followed to generate CSR in Linux

1. Enter the following command to generate a private key

openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048



2. Enter the following command to generate a CSR from the private key

openssl req -new -key server.key -out server.csr


Fill in the required details

Country Name (2 letter code) [XX]: IN

State or Province Name (full name) [State]: Maharashtra

Locality Name (eg, city) [City]: Mumbai

Organization Name (eg, company) [Org]: Example Pvt Ltd

Organizational Unit Name (eg, section) []: IT

Common Name (e.g. server FQDN or YOUR name) []: Policy Server URL of the customer (irm.seclore.com)

Email Address []: admin@example.com



3. Verify the CSR if it is generated correctly by using the following command.


openssl req -noout -text -in server.csr



Need more help? 

Contact Seclore Support 

 support@seclore.com Chat Live