Generate a CSR

The Certificate Signing Request is a string of text generated by your server software. Izenpe needs you to submit the CSR with the certificate application in order to complete the registration process. To generate a CSR you have to know the type of server software running on your web server.

Below you will find guides for the various servers:

a)   Under Administrative Tools, open Internet Services Manager.

b)   Open the Properties window by right-clicking on the name of the Web site you wish to secure.

c)   Click the Directory Security tab.

d)   Click Server Certificate in the Secure communications section. If you have not used this option before, the Edit button will not be active.

e) Select Create a new certificate 

f) Provide the information requested by the IIS Certificate Wizard to create a private key, which will be stored locally on your server, and a public key (Certificate Signing Request), which will be used during the enrollment process. You've now created a public/private key pair. Consult the section on defined terms if you have any questions about necessary information.

h)  Go to Enrollment: https://servicios.izenpe.com/partners/cambiarIdioma.do?lang=en

j)  To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

a) Click Start.

b) Select Administrative Tools.

c) Start Internet Services Manager.

d) Click Server Name.

e) From the center menu, double-click the "Server Certificates" button in the "Security" section.

f) In the "Actions" menu (on the right), click "Create Certificate Request."

g) Enter Organisation and Organisation Unit. These are your company name and department respectively.

j) Enter your City/locality, State/province and Country/region.

k) Click Next.

In the "Cryptographic Service Provider Properties" window, leave the Cryptographic Service Provider at its default (Microsoft RSA SChannel Cryptographic Provider), change the Bit Length to 2048, then click Next.

l) Enter a filename and location to save your CSR.

m) Click Finish.

     

To save your private key:

  • Go to the Certificates snap-in in the MMC
  • Select Requests
  • Select All tasks
  • Select Export

Open the Server App.

a) In the Finder window, under Favorites, click Applications and then double-click Server.

b) In the Server App window, under Choose a Mac, do one of the following options to select the server on which to create your CSR:

Note:   You should select the server on which you are going to eventually install this SSL Certificate.

  • To create the CSR on this server

    1. Select This Mac – YourServerName and then click Continue.

    2. Enter your Administrator Name and Administrator Password and then click Allow.

  • To create the CSR on another server

    1. Select Other Mac – YourServerName and then click Continue.

    2. Enter your Host Name/IP Address, your Administrator Name and Administrator Password and then click Allow.

c) In the Server App window, under Server, click Certificates.

 

d) On the Certificates page, click + > Get a Trusted Certificate.

 

e) On the Get a Trusted Certificate page, click Next.

 

Enter the following information:

Host Name: Enter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN).
For example, www.yourdomain.com or yourdomain.com

Contact Email Address: Enter an email address at which you can be contacted.

Company or Organization: Enter the legally registered name of your organization or company.

Department: Enter the name of your department within the organization. For example, you can enter IT or Web Security.

Town or City: Enter the town or city where your organization or company is located.

State or Province: Enter the state or province where your organization or company is located.

Country: In the drop-down list, select the country where your organization or company is located.
  

 

f) To generate your CSR, click Next.

g) Click Save to save the CSR. Make sure you note the filename and location of the file.

h) Click Finish.

 

 

a)   Start the Certificate Request Generator servlet. The .war file for the servlet is located in the \wlserver6.0\config\mydomain\applications directory. The .war file is automatically installed when the WebLogic Server is started.

b)   In a Web browser, enter the URL for the Certificate Request Generator servlet as follows: https://hostname:port/Certificate

The components of this URL are defined as follows:

a)   hostname: The DNS name of the machine running WebLogic Server.

b)   port: The number of the port at which WebLogic Server listens for SSL connections. The default is 7002.

c)   The Certificate Request Generator servlet loads a form in the web browser.

d)   Complete the form displayed in the browser.

e)   Click the Generate Request button.

f)    You have just created a key pair and a CSR.

 

a)   Start the Certificate Request Generator servlet.

b)   In a Web browser, enter the URL for the Certificate Request Generator servlet as follows: https://hostname:port/Certificate

The components of this URL are defined as follows:

a)   hostname: The DNS name of the machine running WebLogic Server.

b)   port: The number of the port at which WebLogic Server listens for SSL connections. The default is 7002.

c)   The Certificate Request Generator servlet loads a form in the web browser.

d)   Complete the form displayed in the browser.

e)   Click the Generate Request button.

f)    You have just created a key pair and a CSR.

 

a) Prepare the keystore

b)   If you are running a 1.3 JVM, download JSSE 1.0.2 (or later) from http://java.sun.com/products/jsse/ and either make it an installed extension on the system, or else set an environment variable JSSE_HOME that points at the directory into which you installed JSSE.

c)  Create a new keystore by executing the following command:

$JAVA_HOME/bin/keytool -genkey -keystore -alias tomcat -keyalg RSA -keysize 2048

d)   Create a password

e)  Enter the domain name of your website (for example www.misitio.org) in the "First and Last name" field to create a working certificate.

If you require additional information visit the Tomcat website.

f)   To generate the CSR, run the following command:

$JAVA_HOME/bin/keytool -certreq -keystore -alias tomcat -file certreq.csr -sigalg SHA256withRSA

 

Create private key

a)   Use the cd command to move to the /etc/httpd/conf directory.

b)   As root, type in one of the following three commands to generate your key:

c)   If you're using Official Red Hat Linux Professional and you want to use the included password feature, type in the following command: make genkey

d)   Your key will be generated and you will be asked to enter and confirm a password. Please note that you will need to remember and enter this password every time you start your secure Web server. Don't forget this password.

e)   If you're using Official Red Hat Linux Professional and you don't want to be required to type in a password every time you start your secure Web server, use the following command instead of make genkey to create your key (note that the following command should be typed in all on one line):

/usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 2048

f)    Then use the following command to set the correct permissions on your key:

chmod go-rwx ssl.key/server.key

g)   If you use the above commands to create your key, you will not need to use a password to start your secure Web server. However, we don't recommend that you disable the password feature for your secure Web server, since it decreases the level of security for your server.

h)   Your key will be created and saved to a file named server.key. If you're using Official Red Hat Linux Professional, server.key will be located in the /etc/httpd/conf/ssl.key directory. If you're using Official Red Hat Linux Professional, International Edition, server.key will be located in /etc/httpd/conf.

Create the Certificate Signing Request (CSR)

a)   In the /etc/httpd/conf directory, become root and type in one of the following commands:

b)   If you're using Official Red Hat Linux Professional, type in the following command:

make certreq

c)   If you're using Official Red Hat Linux Professional, International Edition, type in the following single command (all on one line):

/usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.csr

d)   You will be prompted for your password (if you used a password when you generated your key). Type in the password, if necessary.

e)   You'll see some instructions and you will be prompted for responses. Your inputs will be incorporated into the CSR.

f)    When you've finished entering your information, a file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr will be located in the /etc/httpd/conf/ssl.csr directory.

g)   You have just created a key pair and a CSR.

 

Generate key pair

The "openssl" tool is used to create the key and CSR. This tool comes with the OpenSSL package and is usually installed under /usr/local/ssl/bin. If you have a custom install, these instructions will need to be adjusted accordingly.

a)   Change the directory: cd /usr/local/ssl/private

b)   Generate the private key by typing in the following command:

openssl genrsa -des3 2048 > Izenpe.key

 

Generate the Certificate Signing Request (CSR)

a)   Change the directory: cd /usr/local/ssl/crt

b)   Generate a CSR by typing in the following command:

openssl req -new -key / /Izenpe.key > Izenpe.csr

c)   You can also generate a self-signed certificate by entering the following command:

openssl req -x509 -key / /Izenpe.key -in Izenpe.csr > Izenpe.crt
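A pre-submission check for a CSR produced with the OpenSSL commands above, also useful on the copy taken from a text editor before it is pasted into the enrollment form. This is an added example, not part of the original guide; the function names check_csr and make_csr, the MIN_BITS threshold, the demo subject and the unencrypted demo key are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): checks to run on a CSR before submitting it.
MIN_BITS=2048   # assumption: the 2048-bit length used throughout the guide

# check_csr CSR [KEY]: returns 0 if every check passes, 1 otherwise.
check_csr() {
    csr=$1; key=${2:-}
    # 1. Self-signature. Match the message rather than the exit status,
    #    because some openssl versions exit 0 on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR is unreadable or its self-signature is invalid"; return 1; }
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1
    # 2. Public key length.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, need >= $MIN_BITS"; return 1; }
    # 3. Signature digest: reject MD5 and SHA-1.
    if printf '%s\n' "$text" | grep 'Signature Algorithm' | grep -Eiq 'md5|sha1'; then
        echo "FAIL: CSR is signed with a weak digest"; return 1
    fi
    # 4. Optional: the CSR must carry the public half of the key you kept.
    if [ -n "$key" ]; then
        a=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
        b=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        [ -n "$a" ] && [ "$a" = "$b" ] ||
            { echo "FAIL: CSR public key does not match $key"; return 1; }
    fi
    echo "OK: $csr ($bits-bit key)"
}

# make_csr DIR BITS: builds constructed sample input (unencrypted demo key,
# made-up subject) as DIR/server.key and DIR/server.csr.
make_csr() {
    ( umask 077 && openssl genrsa -out "$1/server.key" "$2" 2>/dev/null ) &&
        openssl req -new -key "$1/server.key" -out "$1/server.csr" \
            -subj "/C=ES/O=Example Org/CN=www.example.org" 2>/dev/null
}

demo=$(mktemp -d) && make_csr "$demo" 2048 &&
    check_csr "$demo/server.csr" "$demo/server.key"
rm -rf "$demo"
```

A character added or dropped by an editor shows up as a failure of check 1, and a request built from a different key than the one you kept shows up as a failure of check 4.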

 



Create a local certificate: keytool -genkey -alias tomcat -keyalg RSA -keystore

Note: In some cases you will have to enter the domain of your website (e.g. www.myside.org) in the "first and last name" field in order to create a working certificate.

The CSR is then created with: keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore

Now you have a file called certreq.csr that you can submit to Izenpe in exchange for a certificate.
