• The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an SSL Certificate issued for bmhsrv.com will not be valid for secure.bmhsrv.com. If the web address to be used for SSL is secure.bmhsrv.com, ensure that the common name submitted in the CSR is secure.bmhsrv.com

Our SSL Certificates are compatible with almost all popular webserver software. If your webserver software does not appear on the list, please contact support@bmhsrv.com with full details of your webserver software and we will contact you with further instructions.


Supported Platforms
Generating a Certificate Signing Request (CSR) using Apache Mod_SSL/OpenSSL
Generating a Certificate Signing Request (CSR) using Cobalt RaQ4/XTR
BEA Weblogic Certificate Signing Request (CSR) Generation
Generating a Key Pair and CSR for a Stronghold Server
Generating a CSR using WHM/CPanel
Generating a Certificate Signing Request (CSR) using Apache via Ensim Webppliance 3.1.x
F5 Big IP Controller 4.X CSR Creation
Generating a Certificate Signing Request (CSR) using Hsphere
Generating a Certificate Signing Request (CSR) using IBM HTTP Server
IBM WebSphere Advanced Single Server Edition 4.0
Generating a Certificate Signing Request (CSR) using Java Based Web Servers
Generating a Certificate Signing Request (CSR) using Lotus Domino Server versions 4.6x and 5.0x
Generating an IIS SSL Certificate Signing Request (CSR) using Microsoft IIS 5.x / 6.x
Securing Your Outlook Web Access Implementation Using SSL
Generating a Certificate Signing Request (CSR) using I-Planet Web Server
Generating a Certificate Signing Request (CSR) using Novell I-Chain
Plesk Server Administrator 7 CSR Creation
Generating a Certificate Signing Request (CSR) using Website Pro 3.x
Webstar 5.x CSR generation
Generating a Certificate Signing Request (CSR) using Zeus

Generating a Certificate Signing Request (CSR) using Apache Mod_SSL/OpenSSL

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:

Generate keys and certificate:

openssl req -new -nodes -keyout myserver.key -out server.csr

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR

What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.

-----
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Califronia
Locality Name (eg, city) []: Los Angeles
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mydomain.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:
-----

Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.

	Top

Generating a Certificate Signing Request (CSR) using Cobalt RaQ4/XTR

To enable SSL on a virtual site:
Go to the Server Management screen.
Click the green icon (Wrench for RaQ4, Pencil for XTR) next to the virtual site on which you want to enable SSL. The Site Management screen appears.
Click Site Settings on the left side.
(Then 'General' for XTR)
Click the check box next to Enable SSL.
Click Save Changes.
The RaQ4/XTR saves the configuration of the virtual site.

Generate a self-signed certificate:
Once SSL is enabled, the user must now create a self-signed certifcate. The self-signed certifcate will be signed later by an external authority.
Go to the Server Management screen.
Click the green icon (Wrench for RaQ4, Pencil for XTR) next to the SSL enabled virtual site
Click SSL Settings on the left side.
The Certificate Subject Information table appears.
Enter the following information:
   Country Enter the two-letter country code
   State Enter the name of the state or County
   Locality Enter the city or locality
   Organization Enter the name of the organization
   Organizational Unit As an option, enter the name of a department
Select Generate self-signed certificate from the pull-down menu at the bottom.
Click Save Changes.
The RaQ4/XTR processes the information and regenerates the screen with the new self-signed certificate in the Certificate Request and Certificate windows.

Copy the entire contents of the certificate request, including
-----BEGIN CERTIFICATE REQUEST-----
and
-----END CERTIFICATE REQUEST-----
for use during the purchasing process.

	Top

BEA Weblogic Certificate Signing Request (CSR) Generation

Requesting a Private Key and Digital Certificate

You must submit your request in a particular format called a Certificate Signature Request (CSR). WebLogic Server includes a Certificate Request Generator servlet that creates a CSR. The Certificate Request Generator servlet collects information from you and generates a private key file and a certificate request file. You must then submit the CSR. Before you can use the Certificate Request Generator servlet, WebLogic Server must be installed and running.

Start the Certificate Request Generator servlet (certificate.war). The .war file is automatically installed when you start WebLogic Server. In a Web browser, enter the URL for the Certificate Request Generator servlet as follows:

https://hostname:port/Certificate

hostname is the DNS name of the machine running WebLogic Server. port is the number of the port at which WebLogic Server listens for SSL connections.

For example, if WebLogic Server is running on a machine named comodo and it is configured to listen for SSL communications at the default port 7002 to run the Certificate Request Generator servlet, you must enter the following URL in your Web browser:

https://comodo:7002/certificate

The Certificate Request Generator servlet loads a form in your web browser. Complete the form displayed in your browser.

Click the Generate Request button. The Certificate Request Generator servlet displays messages informing you if any required fields are empty or if any fields contain invalid values. Click the Back button in your browser and correct any errors.

Note: Private Key Password If you don't not specify a password, you will get an unencyrpted RSA private key. If you specify a password, you will get a PKCS-8 encrypted private key. When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped Keys field on the SSL tab of the Server window in the Administration Console.

When all fields have been accepted, the Certificate Request Generator servlet generates the following files in the startup directory of your WebLogic Server: mydomain_com-key.der-The private key file. The name of this file should go into the Server Key File Name field on the SSL tab in the Administration Console. mydomain_com-request.dem-The certificate request file, in binary format. mydomain_com-request.pem-The CSR file that you submit.. It contains the same data as the .dem file but is encoded in ASCII so that you can copy it into email or paste it into a Web form.

	Top

Generating a Key Pair and CSR for a Stronghold Server

Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory$SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.

To generate a key pair and CSR for your server:
Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey script displays the filenames and locations of the key file and CSR file it will generate: key file: /usr/local/www/sslhostname.key CSR file: /usr/local/www/sslhostname.cert

Note: If you already have a key for your server, run genreq [servername] to generate only the CSR.

Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
When prompted, enter a key size. Comodo recommends using a 1024 key size.
When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data is used to create a unique public and private key pair.
When prompted, enter Y to create the key pair and CSR.
Enter the two-letter country code for your country. You must use the correct ISO country code, other abbreviations will not be recognised. For example, the correct code for United Kingdom is GB.
Enter the full name of your state or territory. Please do not abbreviate.
Enter the name of your city, town, or other locality.
Enter the name of your organisation. This is the full legal name of the organisation applying for the server certificate.
Enter the name of your unit within the specified organisation. This is usually the group/department the certificate is for.
Enter your web site's fully-qualified name. For example, www.mydomain.com. This is known as your site's Common Name.
The CSR created will look something like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIByDCCATECAQAwgYgxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaX
----------------More text--------------------
U20CbzA7Ur0YBqrnQdD2PnTv/XpHtAAr+M4oez==
-----END NEW CERTIFICATE REQUEST-----

At this point you should back up your key file and CSR to a secure location. If you lose your private key or forget the password, you will not be able to install your certificate.

	Top

Generate an SSL certificate
You can generate an SSL certificate, consisting of an RSA private key and certificate, for any domain using WebHost Manager. This will allow viewers of an SSL site to verify the identity of the web site by its public key.

To generate an SSL certificate:
Click on the Generate an SSL certificate and Signing Request link in the SSL/TLS menu. Enter the email address to send the certificate to in the 'Email Address the Cert will be sent to field'. Enter the domain name that the domain is being created for in the 'Host to make cert for field'. Enter the administration details of the certificate in the Country, State, City, Company Name, Company Division, and Email fields. Enter the password for the certificate in the Password field.

Click 'Create'

	Top

Login to the Site Admnistrator or Applicance Administrator and select the site to administer.

Select Services
Select the Actions box next to Apache Web Server and then select SSL Settings

Select Generate and fill in the required details, the site name will automatically be entered into the Common Name field, ensure this is correct and contains the Fully Qualified Domain Name (e.g. secure.bmhsrv.com, www.bmhsrv.com, support.bmhsrv.com)

Select Save and you are presented with the RSA Key and the Certificate Request (CSR)
Copy the Certificate Request into a text editor, this will be required when you purchase your certificate.
Do not delete this request as it will be needed during the installation of your SSL certificate.

	Top

You can generate a key, a temporary certificate, and a certificate request form with the Configuration utility or from the command line.

Note: We recommend using the Configuration utility for this process. The certification process is generally handled through a web page. Parts of the process require you to cut and paste information from a browser window in the Configuration utility to another browser window on the website.

You must have a separate certificate for each domain name on each BIG-IP Controller or redundant pair of BIG-IP Controllers, regardless of how many non-SSL web servers are load balanced by the BIG-IP Controller.
If you are already running an SSL server, you can use your existing keys to generate temporary certificates and request files. However, you must obtain new certificates if the ones you have are not for the following web server types: Apache + OpenSSL Stronghold

Generating a key and obtaining a certificate using the Configuration utility
To obtain a certificate, you must have a private key. If you do not have a key, you can use the Configuration utility on the BIG-IP Controller to generate a key and a temporary certificate. You can also use the Configuration utility to create a request file that you can submit. You must complete the following tasks in the Configuration utility to create a key and generate a certificate request.
Generate a certificate request
Submit the certificate request to a certificate authority and generate a temporary certificate
Install the SSL certificate from the certificate authority
Finally, install the intermediate certificate authority certificate.

To create a new certificate request using the Configuration utility
In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Create SSL Certificate Request tab, the New SSL Certificate Request screen opens. In the Key Information section, select a key length and key file name, you can choose either 512 or 1024 bytes. Type in the name of the key file. This should be the fully qualified domain name of the server for which you want to request a certificate. You must add the .key file extension to the name.

In the Certificate Information section, type the information specific to your company.
Country - Type the two letter ISO code for your country
State or Province - Type the full name of your state or province
Locality - Type the city or town name
Organization - Type the name of your organization
Organizational Unit - Type the division name or organizational unit
Domain Name - Type the name of the domain upon which the server is installed
Email Address - Type the email address of a person to be contacted about this
Challenge Password - Type the password you want to use as the challenge password
Retype Password - Retype the password you entered for the challenge password.

Click the Generate Certificate Request button.
After a short pause, the SSL Certificate Request screen opens. Use the SSL Certificate Request screen to start the process of obtaining a certificate from a certificate authority, and then to generate and install a temporary certificate.

Generate and install a temporary certificate
Click the Generate Self-Signed Certificate button to create a self-signed certificate for the server. We recommend that you use the temporary certificate for testing only. You should make your site live only after you receive a properly-signed certificate from a certificate authority. When you click this button, a temporary certificate is created and installed on the BIG-IP Controller. This temporary certificate allows you to set up an SSL gateway for the SSL Accelerator while you wait for a certificate authority to return a permanent certificate.

Generating a key and obtaining a certificate from the command line
To obtain a valid certificate, you must have a private key. If you do not have a key, you can use the genconf and genkey utilities on the BIG-IP Controller to generate a key and a temporary certificate. The genkey and gencert utilities automatically generate a request file that you can submit to a certificate authority. If you have a key, you can use the gencert utility to generate a temporary certificate and request file.

These utilities are described in the following list:

genconf - This utility creates a key configuration file that contains specific information about your organization. The genkey utility uses this information to generate a certificate.

genkey - After you run the genconf utility, run this utility to generate a temporary 30 day certificate for testing the SSL Accelerator on the BIG-IP Controller. This utility also creates a request file that you can submit to a certificate authority to obtain a certificate.

gencert - If you already have a key, run this utility to generate a temporary certificate and request file for the SSL Accelerator.

To generate a key configuration file using the genconf utility
If you do not have a key, you can generate a key and certificate with the genconf and genkey utilities. First, run the genconf utility from the root (/) with the following commands:

cd / /usr/local/bin/genconf

The utility prompts you for information about the organization for which you are requesting certification. This information includes:
The fully qualified domain name (FQDN) of the server
The two-letter ISO code for your country
The full name of your state or province
The city or town name
The name of your organization
The division name or organizational unit

To generate a key using the genkey utility
After you run the genconf utility, you can generate a key with the genkey utility.

cd / /user/local/bin/genkey

After the utility starts, it prompts you to verify the information created by the genconf utility. After you run this utility, a certificate request form is created in the following directory:

/config/bigconfig/fqdn.req

In addition to creating a request form that you can submit to a certificate authority this utility also generates a temporary certificate. The temporary certificate is located in:

/config/bigconfig/ssl.crt/fqdn.crt

The "fqdn" is the fully qualified domain name of the server. Note that you must copy the key and certificate to the other controller in a redundant system, but for an SSL proxy you should have a valid certificate from your certificate authority.

To generate a certificate with an existing key using the gencert utility
To generate a temporary certificate and request file to submit to the certificate authority with the gencert utility, you must first copy an existing key for a server into the following directory on the BIG-IP Controller:

/config/bigconfig/ssl.key/

After you copy the key into this directory, type the following command at the command line:

cd / /user/local/bin/gencert

After the utility starts, it will prompt you for various information. After you run this utility, a certificate request form is created in the following directory:

/config/bigconfig/ssl.crt/fqdn.req

The "fqdn" is the fully qualified domain name of the server.

	Top

1. Click SSL on your control panel home page.
2. Enable SSL for the domain in the list.
3. Click the link at the top of the form that appears.
4. On the page that appears, confirm your details by clicking the Submit button:

These data will be used to generate the certificate. Don't make changes to the data if you are not sure about the purpose of these changes.

5. Follow instructions that appear at the top of the next page.

• SSL Certificate Signing request. It includes the details that you submitted on the previous step. Use this request to get an SSL certificate from Comodo.
• SSL Server Private Key. This is the secret key to decrypt messages from your visitors. It must be stored in a secure place where it is inaccessible to others. Don't lose this key, you will need it if you get a permanent certificate.
• Temporary SSL Certificate. It validates your identity and confirms the public key to assure the visitors that they are communicating with your server, not any other party.

6. Copy the signing request and private key for later use.

	Top

Using IKEYMAN for CSR Generation

To create a new Key Database:

• A key database is a file that the server uses to store one or more key pairs and certificates. You can use one key database for all your key pairs and certificates, or create multiple databases.
• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder, on Windows.
• Select Key Database File from the main user interface, select New.
• In the New dialog box, enter your key database name. Click OK.
• In the Password Prompt dialog box, enter a password, enter to confirm the password. Click OK.

Creating a New Key Pair and Certificate Request:

• Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
• Select Key Database File, from the main user interface and select Open.
• In the Open dialog box, select your key database name. Click OK.
• In the Password Prompt dialog box, enter your correct password and click OK.
• Select Create from the main user interface, select New Certificate Request.
• In the New Key and Certificate Request dialog box, enter:
  • Key Label: A descriptive comment to identify the key and certificate in the database.
  • Keysize:
  • Organization Name:
  • Organization Unit:
  • Locality:
  • State/Province:
  • Zipcode/Postcode:#
  • Country: Enter a country code. Example: US or GB etc
  • Certificate request file name, or use the default name
• Click OK.
• In the Information dialog box, click OK.

	Top

Before being able to enable SSL on WebSphere, you need to have your own certificate. This certificate can be a self-certificate for testing purpose but in any production case, you should have a certificate issued by a Trusted CA. The following steps describe how to get your own certificate.

Creating a keystore
A keystore is where your private key will be saved, in a secure way, and the certificate belongs to it. This keystore can be created either with the SUN keytool or with ikeyman a tool from IBM that is distributed with WebSphere Advanced Single Server Edition 4.0.

Starting ikeyman tool

The command to start it is:
./ikeyman.sh
Once it is started, the following screen appears:

Specifying a keystore
From the main application, you can either use an existing keystore or create a new one. In the example below we want to create a new keystore that will be used only by WebSphere.
In the IBM Key Management console, select the option Key Database File/New. A dialog box will appear:

The options are: Option Value
Key database type JKS
File Name The name of the keystore. In the example: .keystore
Location The location of the keystore. In the example: /usr/bin/java/websphere/bin

Creating a certificate request
You first need to create a certificate request before getting your certificate. The certificate request is created in Create/New Certificate Request. A new dialog box will appear where you are asked to enter some information:

The options are: Option Value
Key Label A name that identify the request in list screen. For instance, sitecert
Key Size Use the default value of 1024
Common Name This is the Fully Qualified Domain Name, this is what will be in the URL after (but not including) the 'http://' and before the next '/'.
Example www.mydomain.com
Organization The Organization name. Example Comodo
Organization Unit The Organizational Unit. Example R&D
Locality The locality of your organization. Example Manchester
State/Province The province of your organization. Example Salford Quays
The country of your organization. Example GB
Request file name This is the name of the file where your CSR will be created.
In the example: /usr/bin/java/websphere/bin/certreq.arm
Now click on OK to generate your request. When the request is created, a key pair is also generated (a private key only stored in the keystore and a public key stored in the certificate you receive). If the request is successfully created, a dialog should inform you about it:

You will need the contents of this file when applying for your certificate.

	Top

Use the keytool command to create the key file:
keytool -genkey -keyalg RSA -keystore domain.key -validity 360

If you want to use an alias for the site certificate include -alias yyy (where yyy is the alias name)

The following questions will be asked if not known:
Enter keystore password: (NOTE remember this for later use)
What is your first and last name? - This is the Common Name (Domain Name)
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?

You will then be asked if the information is correct:
Is CN=www.yourdomain.com, OU=Your Oganizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you answer 'y' or 'yes' the password is then requested:
Enter key password for <mykey>
NOTE: Make a note of this password
<mykey> is the default alias for the certificate

Use the keytool command to create the CSR file:
keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key

You will be prompted to enter the password.
Enter keystore password:

If the password is correct then the CSR is created.
If the password is incorrect then a password error is displayed.
You will need the text from this CSR when requesting a certificate.

	Top

For version 4.6x:

• From the administration panel, click System Databases and choose Open Domino Server Certificate Administration (CERTSRV.NSF) on the local machine. Click Create Key Ring.
• Enter a name for the key ring file in the "Key Ring File Name" field.
• Enter a password for the server key ring file in the "Key Ring Password" field.
  Note: The password is case sensitive.
• Select a key size. This is the size Domino uses when creating the public and private key pairs.
  Note: If you are using the international version of Domino, only the 512 bit key size will work for you unless you have Release R5.04.
• Specify the components of your server's distinguished name.
• Click Create Key Ring. Click OK.
• Click Create Certificate Request.

Note: You must select all the text in the second dialog box, including Begin Certificate and End Certificate when the CSR is requested.

For R5.0x:

• Launch the Domino Administration client.
• Select File-Open Server and select the Domino server you wish to administer, Click the file tab, double click on Server Certificate Administration database (certsrv.nsf)
• From the administration panel, click System Databases and choose Open Domino Server Certificate Administration (CERTSRV.NSF) on the local machine.
• Click Create Key Ring.
• Enter a name for the key ring file in the "Key Ring File Name" field.
• Enter a password for the server key ring file in the "Key Ring Password" field.
  Note: The password is case sensitive. If you are using the international version of Domino, only the 512 bit key size will work for you unless you have Release R5.04.
• Specify the components of your server's distinguished name.
• Click Create Key Ring. Click OK.
• Click Create Certificate Request.

Note: You must select all the text in the second dialog box, including Begin Certificate and End Certificate when the CSR is requested.

	Top

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:

Generate keys and Certificate Signing Request:

• Select Administrative Tools
• Start Internet Services Manage
• Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu
• Open Directory Security by right clicking on the Directory Security tab
• Click Server Certificate. The following Wizard will appear:

• Click Create a new certificate and click Next.
• Select Prepare the request and click Next.

• Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only.
• If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option is available. Click Next.
• Enter Organisation and Organisation Unit, these are your company name and department respectively. Click Next.
• The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an Instant SSL Certificate issued for comodogroup.com will not be valid for secure.comodogroup.com. If the web address to be used for SSL is secure.comodogroup.com, ensure that the common name submitted in the CSR is secure.comodogroup.com. Click Next.

• Enter your country, state and city. Click Next.
• Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next.
• Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
• When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including
  -----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
• Click Next
• Confirm your details in the enrollment form
• Finish

To save your private key:

• Go to: Certificates snap in in the MMC
• Select Requests
• Select All tasks
• Select Export

We recommend that you make a note of your password and backup your key as these are known only to you, so if you loose them we can't help! A floppy diskette or other removable media is recommended for your backup files.

	Top

Creating a CSR

1. Using the Internet Services Manager.
2. Right click on the website that is hosting your OWA component (this is by default the "Default Web Site") and open its properties.
   
3. Select the "Directory Security" tab and then click on "Server Certificates". The "Web Server Certificates Wizard" will now be displayed, click Next.
4. On the "Server Certificate" dialogue box select "Create a new certificate", click Next.
5. In the "Delayed or Immediate Request" dialogue box select "Prepare the request now, but send it later", click Next.
6. Next you are presented with the "Name and Security Settings" dialogue box. Give your new certificate a name and also select the level of security you would like to use (it is not recommended that you go over 1024 as this will have an adverse effect on your server performance), click Next.
   
7. In the "Organisation Information" dialogue box, enter the name of your organisation. This should be as you want it to appear on any legal documents as this is the name that will appear in your certificate. The organisational unit can be a location, department or business unit within your company.
8. In the "Common Name" dialogue box, you must enter the FQDN of our web server.
9. You are now presented with the "Geographical Information" dialogue box. It is important to make sure you enter the State in full, for example "New York" not just "NY". Abbreviating State names will be rejected at the end of the Certificate Wizard.
10. The last step is to specify the location of the Certificate Request File, remember where and what you called this as you will need it later.
11. The "Request File Summary" will now appear (below). Make sure everything is OK and then click Next to process the request.

	Top

1. Sign onto the Webserver and select the server to manage
2. Select the Security tab and then Request a Certificate

3. Complete the required boxes and click OK
4. An email is then sent to the email address specified containing your CSR
5. The CSR will be required when requesting your certificate.

	Top

There are 2 possible views for creating a CSR, the alternative view is at the bottom of this page.

Start the ichain Management http://youriChain:1959/appliance/config.html
Select the Home-Certificate Maintenance panel.
Select Create to create the CSR

Enter the following fields:

Certificate name - Any alphanumeric name as long as it is unique
Subject name - The DNS name of the site that is to be secured
Signature algorithm - can be SHA or MD5
RSA Key size - use 1024 bits
Select 'Use external certificate authority'
Organization - The company that owns the web site
Note: Entering spaces may cause problems
City, State or Province code, two character country code

Select OK.

The Certificate Maintenance panel will now look like this:

Select Apply to generate the CSR. When it is ready the Status will indicate "CSR in Progress".

When you select 'View the CSR'. You should see:

This is your certificate request that you will need during application.

	Top

1. Login to the Plesk 7 Control Panel.
2. From the left hand menu, select 'Domains'.
3. Click on the domain name that you wish to generate the CSR for.
4. Click on the 'Certificates' menu item.
5. Click on the 'Add New Certificate' item.
6. Fill out the information on the page. All items noted by red asterisks must be filled in
7. Press the 'Request' button.
8. You will then be returned to the Certificates menu. From the list at the bottom of the page, click on the certificate name that you just created. Mid-way down the page, there is a box. Copy the content of this box labelled 'CSR'. It should look similar to the example below:

   -----BEGIN CERTIFICATE REQUEST-----
   MIIBSzCB9gIBADCBkDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ4wDAYD
   ....
   HNX2uFXghrjBJw3mtZ36JhG7cLeWZK7B+4dmOL4f2ToreSW946wQMxK5ZYYOK68=
   -----END CERTIFICATE REQUEST-----

9. Paste the CSR into the order screen when purchasing an SSL certificate.

	Top

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process.

Generate keys and Certificate Signing Request:

• Open Website Server Properties and select Key Ring

• Select New Key Pair and follow the wizard.
• Ensure all the details you enter are correct.
• When you have completed the wizard select Done, do not select the box to choose a Certification Authority.

• When enrolling for a Certificate locate the CSR file and copy/paste the Certificate Request text into the CSR box. Complete the online enrollment process

	Top

Step 1: Generate a Private Key

• Start the 4D WebSTAR Admin Client and login to your WebSTAR 5 server.
• Select Generate Keys and CSRs from the Tools menu
• In the Name field enter the name for your private key file.
• In the Password field enter a password to protect your private key. Make sure that the password is at least 8 characters long, includes letters, numbers and punctuation, and is not a name or a word. Write the password down and store it in a secure place, such as a safety deposit box.

  Do not forget this password! If you lose the password, you will not be able to use your SSL certificate.

• Click the Generate Key button to generate your private key file. It will automatically be saved inside the Keys folder inside the SSL Tools folder of the folder containing your WebSTAR 5 installation.

• On the Generate Keys and CSRs window, fill in all the fields of the Generate Certificate Signing Request section with the appropriate information. Make sure that the Common Name you specify will be the actual domain name that you want to use your SSL certificate with.
• From the Key pulldown menu, choose the private key that you created during step 1.
• In the Password field enter the password you used to generate your private key.
• Click the Generate CSR button to generate your Certificate Signing Request.
• Copy the content of the Output (for Certificate Authority) field to a text editor and save it to your harddisk.

  When asked to "Copy & Paste" your CSR into the CSR field during the order process, open the file you just saved with a text editor and copy and paste the content into the CSR field on the order form.

• Quit the 4D WebSTAR Admin Client.

------------------------------------------------------------------------
WebStar 5 requires a pem file certificate in order to function properly. First, you will need to get the certificates from the zip file which was sent to you or download them from the website. Unzip the files and open your server certificate (www_yourdomain_com.crt) in notepad or any other text editor. Next, open the root and intermediate certificates. Open each certificate file in your text editor and copy and paste the entire contents below the server certificate in this order: first ComodoSecurityServicesCA.crt certificate, then the GTECyberTrust certificate,. Save the file as yourdomain.pem.

------------------------------------------------------------------------

• Start the 4D WebSTAR Admin Client and login to your WebSTAR 5 server.
• Select SSL Configurations under Web Server.
• Click the New button.
• Enter a Name for your SSL configuration.
• Type the password that you used while generating your CSR.
• From the Key File pull down menu select the private key you made while generating your CSR.
• From the Certificate pull down menu select your certificate file (yourdomain.pem).
• Under Simple Chipers, select all encryption options, except MAC (no encryption) and IDEA-128.
• Click the Save button.
• Select Web Connections under Web Server.
• Click the New button.
• From the IP Address pull down menu select the corresponding server IP address to which your domain name, that you want to use the certificate with, points to.
• Set the Port field to 443.
• From the SSL Config pull down menu select your SSL configuration.
• Click the Save button and Restart your WebSTAR 5 server.

	Top

1. Login to the web server
2. Select SSL certificates
3. Against Creating a Certificate Set select Create
4. Select Buy a Certificate From Another Certifying Authority, then click OK

Complete the fields with your specific information, then click OK

Copy the Certificate Singing Request (CSR) text into a text editor for later use when requesting your certificate.

	Top