User:Hef/Howto Create a CSR
create the csr
openssl req -out STAR.pumpingstationone.org.csr -new -newkey rsa:2048 -nodes -keyout STAR.pumpingstationone.org.key
Your session will look like this.
Generating a 2048 bit RSA private key ........+++ ....+++ writing new private key to 'pumpingstationone.org.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: State or Province Name (full name) [Illinois]: Locality Name (eg, city) [Chicago]: Organization Name (eg, company) [Pumping Station One]: Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) :*.pumpingstationone.org Email Address [firstname.lastname@example.org]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
Notice that on bob.ad.pumpingstationone.org, /etc/ssl/openssl.cnf has been configured with sane defaults for a lot of fields.
- Do not put a colon anywhere in any field. Openssl will let you. Your SSL vendor will let you and charge you. Then you will be sad.
- notice that Pumping Station: One normally has a colon. (but don't put it)