OpenSSL + Related
OpenSSL Instructions for Generating CSRs Using OpenSSL to generate a CSR (Certificate Signing Request) for a VT Global Qualified Web Server or Middleware Certificate:
NOTE: It is recommended that the native WIndows Server certmanager utility be used to create CSRs (certificate signing requests), however OpenSSL may also be used to perform this function.
If needed, use the links below to download and install the most
current recommended version of OpenSSL. OpenSSL is free to download and
- OpenSSL source from OpenSSL.org - for Linux users
- Windows users will need to install the Microsoft Visual C++ 2008 Redistributables before OpenSSL will function properly
- OpenSSL binaries for Microsoft Windows 32 - for Windows users
- Openssl is a command line program - from the Windows XP menu select "Run" -> cmd [Enter], Vista and Win 7 users can type cmd [Enter] in the Start -> "Search Programs and Files" box. In the resulting dos box type cd c:\openssl\bin or cd c:\openssl-win64\bin as the case may be.
- Generate the RSA key pair and certificate signing request (CSR)
as follows (use the default file names key.pem and
req.pem or substitue your own file names). You must specify your key
size to be at least 2048 bits.
$openssl req -newkey rsa:2048 -keyout key.pem -out req.pem -nodes
If you wish to encrypt your private key then do not include the -nodes option.
- The previous command will result in a dialog with openssl that requests DN attributes to complete the CSR. There are no special requirements to include specific DN attributes in the CSR that you generate.
You may simply respond to the prompts and provide values for the
default attributes that are presented in the dialog. For example:
Country Name (2 letter code) [AU]: press enter for default
State or Province Name (full name) [Some-State]:press enter for default
Locality Name (eg, city) [ ]:press enter for default
Organization Name (eg, company) [internet Widgets Pty Ltd]:press enter for default
Organizational Unit Name (eg, section) [ ]:press enter for default
Common Name (eg, YOUR name) [ ]: press enter for default
Email Address [ ]: press enter for default
A challenge password [ ]: press enter for default
An optional company name [ ]: press enter for default
Important: Be sure to keep all of the files created in the above procedure and any passwords used in a safe place.
For more information on using openssl see Manual page for the openssl command line tool
Last updated on September 2, 2013