![[SSL] Generate a Certificate Signing Request (CSR)](https://www.elitepvpers.com/forum/iconimages/web-development/ssl-generate-certificate-signing-request-csr_ltr.gif){kind=small}
Installation on Apache Windows.
Key bit size: 2048-bit.
Ok, then...Step 1: Generate the Private Key.
The "openssl" is used to generate key and CSR. It comes with OpenSSL package and is usually installed into /usr/local/ssl/bin.
If not, these function will have to be adjusted.
Open a command promt and type the following command. Write "openssl" first in the command promt.
Code:
openssl genrsa -des3 -out <file name of the private key>.key 2048
enter then a secure password and remember it. that password will protect the private key.
Just in case: To bypass the pass phrase, omit the -des3 option while generating the private key.
Second Step: Generating the CSR
Type this command at the prompt:
Code:
openssl req -new -key <file name of the private key>.key -config "C:\AppServ\Apache2.2\conf\openssl.cnf" -out <csr file name>.csr
Then the command will prompt the X.509 attributes of the certificate.
Country name: you should use two-letters code without punctuation for country, ex: RO
State or Province: fill there the state completely, not abbreviate.
Locality or City: The Locality field is the city or town name as I think you know.
Company: your company name.
Organizational Unit(Optional): it is optional. OU field is the name of the department or organization unit making the request. To skip, press ENTER.
Common Name: It`s the Host + Domain Name. ex: "www.angell.com" or "angell.com"
NOTE: a certificate for domain "angell.com" will receive a warning if accessing a site named "www.angell.com" or "secure.angell.com".
Skip the other steps...
The public/private key has been created. The private key is stored on the locally server machine and is used for decrypton.
