This article applies to:
- R3000/web filter (WF/WFR)
- Security Reporter
Question:
Create a CSR (SSL Certificate Signing Request)
Reply
General CSR Creation Guidelines
Before you can order your SSL Certificates, you must first generate a CSR (Certificate Signing Request) on your server. A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name (DN).
In the DN for servers are the following fields: Common Name, Organization, Organizational Unit, Locality, State or Province, and Country. Please note:
The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the SSL certificate.
If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: *.domain.com). The wildcard character (*) will be able to assume any name that does not have a "dot" character in it.
The Organization Name is your Full Legal Company, School or Personal Name, as legally registered in your locality.
The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, information technologies, etc.
Locality: The Locality field is the city or town name, for example: Los Angeles. Do not abbreviate. For example: Saint Louis, not St. Louis
State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
The Country is a two-digit code -- Use the two-letter code without punctuation for country, for example: for the United States, it's 'US' or 'CA' for Canada.
Once your CSR is created, download CSR and provide it to the certificate issuing authority such as Verisign, digicert, GoDaddy or Thawte. We recommend backing up the CSR and storing of the corresponding pass phrase.A good choice is to create a copy of this file onto a diskette or other removable media. While backing up the private key is not required, having one will be helpful in the instance of server failure. Remember not to delete the created CSR in the R3000; otherwise, your certificate will become useless.
- This article was previously published as:
- 8e6 KB 299142