česky | english
Help - How do I generate a private key and CSR using OpenSSL?
Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document.
# openssl req -nodes -new -keyout private.key -out server.csr
Then the system will try to generate some very random numbers to get a secure key.
Generating a 1024 bit RSA private key ...++++++ ....++++++ writing new private key to 'private.key'
You will then be asked to enter information about your company into the certificate. Below is a valid example:
Country Name (2 letter code) [AU]:AU State or Province Name (full name) [NSW]:NSW Locality Name (eg, city) [Sydney]:Sydney Organization Name (eg, company) [XYZ Corp]:CAcert Inc. Organizational Unit Name (eg, section) [Server Administration]:. Common Name (eg, YOUR name) :www.cacert.org Email Address :firstname.lastname@example.org
Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.
Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid.
-----BEGIN CERTIFICATE REQUEST----- MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3 DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc 59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S 2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA= -----END CERTIFICATE REQUEST-----
Once you've submitted it the system will process your request and send an email back to you containing your server certificate.