What are the easiest steps to set up a CSR for SonicWALL SSL Offloaders?
To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.
The CSR needs to contain the following attributes:
Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name (e.g. devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com.
Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc.
Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank).
City/locality - The city or town in which your organization is located.
State/province - The state in which your organization is located.
Country - Click here for the official list of ISO country codes for this field.
Note: Certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
We recommend that you contact the SSL Offloader vendor for additional information.
Generate a Private Key and CSR
- Create a directory called ‘C:\test’.
- Launch OpenSSL.
- Enter the following command to create a private key:
genrsa -des3 -out c:\test\key.pem 2048 - Enter in a passphrase to protect the key (at least six characters).
- Enter the following command to create a certificate request:
req –new –key c:\test\key.pem –out c:\test\req.pem –config openssl_config.txt - Fill in the required fields for the certificate you want to generate. You have now created a key pair and a CSR.
- To copy and paste the information into the enrollment form, open the CSR file in a text editor that does not add extra characters (Notepad or Vi are recommended).