How to Generate Certificate Signing Request (CSR) in Redhat Secure Web Server

Description

This document provides instructions for generating a Certificate Signing Request (CSR) for  Redhat Secure Web Server. If you are unable to use these instructions for your server, RapidSSL recommends that you contact the Redhat Secure Web Server vendor for additional information.

NOTE: To generate a CSR, you will need to create a key pair for your server. These two items comprise a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. In this case you will need to replace the certificate, with generating a new keypair.

NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size.

Step 1: Generate a Private Key

NOTE: If you're using Official Red Hat Linux Professional, you can choose whether or not to enable the password feature. This will require you to enter the password every time you start your secure server. 
RapidSSL recommends that you use the password feature to increase the level of security.

With Password Feature

1.      Use the cd command to move to the /etc/httpd/conf directory. 

2.      As root, type the command: “make genkey” 

3.      Your key will be generated and you will be asked to enter and confirm a password. 

You will need to enter this password every time you start your secure Web server.  

4.      Your key will be created and saved to a file named server.key. If you're using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory. 

Without Password Feature

1.     Use the cd command to move to the /etc/httpd/conf directory. 

2.     As root, type the command all on one line:

/usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 2048

3.     Set the correct permissions on your key with the command:   

chmod go-rwx ssl.key/server.key

4.      Your key will be created and saved to a file named server.key. 

If you're using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory.

Step 2: Create the Certificate Signing Request

1.      In the /etc/httpd/conf directory, become root and type in one of the following two commands:

For Official Red Hat Linux Professional, type in the following command:

make certreq

For Official Red Hat Linux Professional, International Edition, type in the following command (all on one line): 

/usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

2.      If you used a password when you generated your key, you will be prompted for it.  

3.      Enter information as prompted. Your inputs will be incorporated into the CSR.

- Common Name : The Common Name is the Host + Domain Name. 

NOTE: RapidSSL certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named www.domain.com or  "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

- Organization Information: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.

- The “Organizational Unit” field is the name of the department or organization unit making the request.

- The Locality field is the city or town name, for example: Berkeley.

- State: Do not abbreviate the state or province name, for example: California.

- Country: Use the two-letter code without punctuation for country, for example: US or CA.

4.      A file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr will be located in the /etc/httpd/conf/ssl.csr directory.  

5.      You have just created a key pair and a CSR. 

6.      The server.csr file contains your certificate request. To copy and paste the information into the enrollment form, open the file in a Notepad and Vi that does not add extra characters.

7.      Proceed with the Enrolment.

Contact Information

During the verification process, RapidSSL may need to contact your organization. Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. 

These fields are not part of the certificate.

 

 

Disclaimer:

WarungSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, WarungSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. WarungSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, WarungSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.

Close

We uses cookies to remember and process the items in your shopping cart as well as to compile aggregate data about site traffic and interactions so that we can continue improving your experience on our site.