Before you send a request for an SSL certificate, you must create a Certificate Signing Request (CSR) on the server that you want to secure. There are multiple ways to generate a 'Certificate Signing Request' and it will generally depend on the web server or device in which you intend to install the SSL certificate. A CSR is an encrypted file that contains information about your company, including the domain name.
- Country: Two-letter ISO 3166 country code. For example, the code for the Japan is "JP". For US, it is "US".
- State or Province: Full name of the state or province where your company is headquartered, such as "California".
- Locality or City: Full name of the locality or city where your company is headquartered, such as "Los Angeles".
- Organization: Full legal name of your company.
- Common Name:The website that you will protect with the SSL certificate.
There could be additional constraints for creating a CSR, depending on the vendor or state that will issue the SSL certificate.
The process used to create a CSR depends on the server that you are securing. Aster AMC and AppCenter use the Apache httpd server and for these browser apps, the procedure to create a CSR is :
- Use the terminal client (ssh) to log in to your server.
Type the following command to generate the CSR file and a private key for decrypting SSL certificate:
#openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.
- Save the private key file because it is necessary for installing SSL certificate.
- Enter the fully qualified domain name when prompted for the Common Name. For a wildcard certificate, the common name must begin with asterisk . For example, *.yourcompany.com.
Type your organizational information when prompted. The CSR file is now created.
The output file, server.csr is the CSR.openssl is installed by default on all Aster nodes.