For certificate registration you must generate the Apache CSR.
Step 1. You need OpenSSL to generate the Apache CSR and install the certificate. If this program is not installed on your server, you have do it.
Step 2. You have to create a Private Key also, it is called RSA key for Apache web server. You can do it in the correspondent directory:
where ssl.key – key directory by default.
If you use a different path, then navigate to the directory where you stored private keys.
Step 3. To create the Private Key file, type the following command:
openssl genrsa -des3 -out yourdomain.key 2048
In this step you will be prompted to enter a password to access the key. This password you will have to enter each time you start the web server. Don’t forget the password because if you lose the access to the Private Key you have to order a new certificate.
You can also use the Private Key without encryption, if you do not want to enter your password each time you start the web server, but it may affect the security of the data:
openssl genrsa -out yourdomain.key 2048
We recommend to use the name of your domain as the name of the Private Key. This will be especially useful if you have multiple domains with certificates.
Step 4. To generate the CSR request using RSA key type the command:
openssl req -new -key yourdomain.key -out yourdomain.csr
If on Step 3 You choosed key file generating with a password, you have to enter it to generate the CSR.
Step 5. To generate the CSR request, you have to fill the following fields: (use only Latin and do not use: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &):
Common Name Organization Organization Unit City or Locality State or Province Country
Common Name – this is the full name of your website without a protocol.Eg., www.unihost.com or unihost.com. Almost all certificates (except EV SSL) protect both variants of writing the domain name by default.
Organization – the name of the organization according to the Charter of the organization. As a rule, this field is necessary for the validation of the organization. If you order a certificate with domain validation, you may type the domain name in this field.
Organization Unit – the Department name. Eg., it is enough to specify “IT”.
City or Locality -the name of city or locality where your organization or private person is registered.
State or Province – the name of state or province where your organization/private person is registered. If there is none, you can enter oce more the city name.
Country – the country name, type it as an ISO code, for example, GB – Greate Britain, US – USA etc.
We also recommend to specify the e-mail address relevant to the domain (located on a domain or is the administrative), and accessable for you. The email with a link to confirm the certificate will be sent later to this address. You have to follow the link to activate the domain verification and certificate registration.
Leave the password field empty (press Enter).
To check the CSR code use the following command:
openssl req -noout -text -in yourdomain.csr
Step 7. Copy the CSR request including tags BEGIN и END (in a field in the order form on our website).
Do not forget to save the Private Key copy! If you lose this file, you will have to odred the certificate again.
To view the contents of your Private Key use the command:
openssl rsa -noout -text -in yourdomain.key
The Private Key must start from —–BEGIN RSA PRIVATE KEY—– tag and end with и —–END RSA PRIVATE KEY—– tag.