How to Generate a WildCard SSL Certificate Signing Request (CSR)

Check out this post to learn how to generate a WildCard SSL Certificate Signing Request (CSR) for Apache + Mod SSL + OpenSSL. Read more below!

By Jim Aron · Jul. 18, 18 · Tutorial

Due to the vast number of emails, calls, and live chat requests being received from SSL users on a daily basis, we have compiled this comprehensive guide. Many SSL users rely on the Certificate Signing Request (CSR) generation, which is required to obtain a certificate from Certificate Authorities (CA).

In this guide, we will specifically address the process of obtaining a certificate signing request for Apache + Mod SSL + OpenSSL servers. Here, we have included the easy and quick steps of CSR generation from the major Certificate Authorities (CAs) on the web.

In order to create a CSR, you need a key pair consisting of a private key and a public key. For the CSR to be generated from these keys, the password and certificate must contain the same information before any certificate is installed on the server.

Step 1: Creation of the Private Key

The private key and CSR are generated with the OpenSSL command-line utility. The utility comes standard with any OpenSSL package and should be installed in the following path:

/usr/local/ssl/bin


If the OpenSSL utility is installed in a different path, adjust the path used in the commands below to match your installation.

Enter the following commands at the prompt:

openssl genrsa -des3 -out www.myhostname.com.key 2048


The above command generates a 2048-bit RSA private key and stores it in the file www.myhostname.com.key.

Important Note:

All SSL Certificate CSRs must have 2048-bit key length

When prompted for the password, be sure to enter a secure password that you can also remember. This password not only protects the private key, it is also essential to securing the certificate. That being said, a password that cannot be recalled is about as useless as any bad or insecure password (e.g. 1234321, PASSWORD).

To bypass the passphrase requirement, omit the -des3 option when generating the private key. However, if you choose to leave the private key unprotected, Symantec recommends access to the server be heavily restricted so that only authorized server administrators can access or read the private key file.

Step 2: Generation of the CSR (Certificate Signing Request)

Enter the following command at the prompt:

openssl req -new -key www.myhostname.com.key -out certrequest.csr


If you are using OpenSSL on a Windows server you may be able to use the following direct path to reach “openssl.cnf”:

openssl req -new -key www.myhostname.com.key -config "c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -out certrequest.csr


You must now enter the mandatory information of the organization in order to create the CSR. The following is a basic overview of each requirement.

Certificate Signing Request or CSR Guide for Wildcard SSL Certificate

  • First, go to the start menu and open the Internet Information Services (IIS) manager.
  • You will find the Connections column on the left. Double-click on Server Certificates listed in the column.
  • Now, go to the Actions column on the right-hand side and double-click on Create Certificate Request.
  • Enter all your company information in the Request Certificate window and click Next.
  • Now, let the default Cryptographic Service Provider remain as it is and change the bit length to 2048 bit or higher. Click Next.
  • Save the certificate by browsing the file name and click Finish.

Country Name: Enter the two-letter code of the respective country, without punctuation (e.g. US, UK).

State or Province: Enter the complete state name. Be sure not to abbreviate or shorten it (e.g. New York, not NY).

Locality or City: The locality field is the city or town name. Again, do not abbreviate (e.g. Saint Petersburg, not St. Petersburg).

Company: If the company or organization name includes a symbol, such as &, @, or *, the symbol must be spelled out. For example, AB & C Corporation would be AB and C Corporation.

Organizational Unit: This field is optional, but, if provided, this information will serve as additional authentication for obtaining the certificate from the CA. If you prefer to skip this step, simply press Enter on the keyboard.

Common Name: The common name is the host + domain name. For a wildcard certificate, the value entered here will look like “*.company.com”.

Do not try to add an email address, challenge passwords, or add an optional company name when generating the CSR.

At this point, you will have successfully generated both your private and public keys. The private key (www.hostname.com.key) is stored locally on the server and is employed for decryption. The public key, in the form of a WildCard SSL Certificate Signing Request (certrequest.csr), will be for certificate enrollment.

To copy and paste the information into the enrollment form, open the file in a text editor, such as Notepad or Vi, and save it as a .txt file. Do not use Microsoft Word — it will insert extra hidden characters that will alter the contents of the CSR rendering it useless.
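
The two steps above run unattended, followed by the checks worth making before the CSR is pasted into an enrollment form. This is an added example, not part of the original article; the function names, the example.com hostname, and the subject values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Hostname, subject values and paths are constructed placeholders.

# make_wildcard_csr DIR DOMAIN
# Writes DIR/DOMAIN.key (2048-bit RSA) and DIR/DOMAIN.csr with CN=*.DOMAIN.
# The key has no passphrase so the demo runs unattended; add -des3 to genrsa,
# as in Step 1, to be prompted for one.
make_wildcard_csr() {
  local dir=$1 domain=$2
  # umask 077 makes the key file readable by its owner only.
  ( umask 077 && openssl genrsa -out "$dir/$domain.key" 2048 ) 2>/dev/null || return 1
  # -subj supplies the fields that req would otherwise prompt for.
  openssl req -new -key "$dir/$domain.key" -out "$dir/$domain.csr" \
    -subj "/C=US/ST=New York/L=New York/O=AB and C Corporation/CN=*.$domain"
}

# check_csr KEY CSR
# Return codes: 0 ok, 1 CSR damaged or signature invalid, 2 CSR does not
# belong to KEY, 3 key shorter than 2048 bits, 4 common name is not a wildcard.
check_csr() {
  local key=$1 csr=$2 bits
  # A CSR is signed with its own private key, so any byte altered by an
  # editor either breaks parsing or breaks this signature check.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  # The public key embedded in the CSR must be the one derived from KEY.
  [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = \
    "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" ] || return 2
  # Key length as reported in the CSR's text dump.
  bits=$(openssl req -in "$csr" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || return 3
  # The common name must start with "*." for a wildcard request.
  openssl req -in "$csr" -noout -subject | grep -q 'CN *= *\*\.' || return 4
}

# Usage:
#   make_wildcard_csr /tmp example.com
#   check_csr /tmp/example.com.key /tmp/example.com.csr && echo "CSR ok"
```

Running check_csr on the file you saved from the text editor catches a CSR damaged in transit, and return code 2 catches a CSR paired with the wrong key file.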

To learn more about Wildcard SSL certificate security features and functionality, or if you are still not sure whether you have bought the right Wildcard SSL certificate with the appropriate security features, visit our official wildcard SSL certificate page and choose the right one.

An easy and quick CSR generation tool is available from the experts of Wildcard SSL certificate. For more information, visit our CSR generation tool page.

Published at DZone with permission of Jim Aron. See the original article here.
