Generate a CSR

You are here:

Generate a CSR

Download OpenSSL from OpenSSL for Windows at http://www.openssl.org/related/binaries.html.

Note: You must install the full version of OpenSSL: Win32OpenSSL-v0.9.8a.exe
Install OpenSSL on the FH Web Edition server.
Choose Start → Run.
Type cmd, and then press Enter on your keyboard.
Type the following command to generate a private key for the server:

OPENSSL_DIR\bin\openssl genrsa –out server.key 1024

where OPENSSL_DIR is the path to the directory in which OpenSSL is installed.

Example: C:\OpenSSL
Type the following command:

OPENSSL_DIR\bin\openssl req –new –key server.key –out server.csr

You are prompted for the attributes to be included in your certificate, as follows:

Country Name: US
State: your state
Locality: your city
Organization: your company name
Organizational Unit: your department
Common Name: your server’s name
E-mail Address: your e-mail address

Unless you are using a wildcard SSL Certificate, the Common Name must match the host name of the FH Web Edition server (the name that users will specify when connecting to the host). Any variation in the name will cause the client to issue a warning when connecting.

The output of the command is a file named server.csr, which can be sent to your CA. Since FH Web Edition’s SSL implementation is based on the OpenSSL toolkit, the tools used are the same as those used in other OpenSSL-based products, such as the Apache mod_ssl package. Follow instructions provided by your CA for the mod_ssl package to obtain a certificate for your server.

When your CA sends you the signed server certificate file, save it as server.crt. Copy this file and the server.key file (generated in step 5 above) to a directory on the FH Web Edition server that can be accessed from the system account and accounts that belong to the administrator group, but that cannot be accessed from normal user accounts. Finally, select the signed certificate file in the FH Web Edition Connection Manager.