Key and CSR Generation Instructions

General Information
ID: INFO1108
Version: 21.0
Published: 05/05/2009
Updated: 08/19/2015

Description

Generate a certificate signing request (CSR) for the server where the certificate will be installed.

Thawte SSL Assistant
The Thawte SSL Assistant automatically generates a CSR and installs your certificate.

Red Hat on Apache 2.2+ Thawte SSL Assistant
Windows IIS 7.0 - 8.5 Thawte SSL Assistant


If you are not using Microsoft IIS 7.0 - 8.5 or a Red Hat server running Apache 2.2 or greater, see the instructions for your server software below.

Instructions for all other server vendors
 

A
Apache-SSL and Apache ModSSL
Apache on Mac OS X Server
Apple Mac OS X 10.6

B
BEA WebLogic

C
Citrix Secure Gateway 1.0
Citrix Secure Gateway 1.1
CNT Web Integrator
Cobalt Raq
Covalent server products

I
IBM ICSS
IBM HTTP
Infinite InterChange
Infinite WebMail
Innosoft PMDF-TLS
iPlanet 4.x
iPlanet 6.x
IFactory Commerce Builder

J
Java Web Server
Jetty Java HTTP Servlet Web Server

L
Lotus Domino Go
Lotus Notes Domino

M
Marimba
Microsoft IIS 4
Microsoft IIS 5
Microsoft IIS 6
Microsoft IIS 7
Microsoft IIS 8

N
Netscape Commerce
Netscape Enterprise 3.x

O
Oracle Wallet Manager
Oracle Web Server (OAS 4.0.8)
Orion Web Server
O'Reilly Website Professional

P
Plesk 8.1

Q
Qpopper
Quid Pro Quo Secure

R
Raven SSL
Raven SSL CTL Interface
RedHat Linux
Roxen

S
Sambar
Silverstream
Stronghold
SSLeay-based Servers
SyBase EAServer

T
Tenon WebTen
Tomcat

W
WebSite Professional 2.x
4D WebSTAR Server Suite/SSL
WSFTP FTP application

Z
Zeus

If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor. If you do not know what software your server uses, contact your technical support team for assistance.

Before you start

Before you can begin the process of obtaining a certificate, you must generate a private key and CSR pair on the web server. A CSR is basically a public key that you generate on your server; it validates computer-specific information about your web server and organization. Digital IDs make use of a technology called public key cryptography, which uses public and private key files.

  • The public key, also known as the CSR, is the key that will be sent to Thawte.
  • The private key remains on your server and should never be released to the public. Thawte does not have access to your private key. The integrity of your Digital ID depends on your private key being controlled exclusively by you.


A CSR cannot be generated without generating a private key, nor can the private key be generated without generating a CSR. In certain web server software platforms, such as Microsoft IIS, both are generated simultaneously through the server's wizard.

Typically, you will be prompted to enter the following information about your organization in order to generate the private key and CSR pair:

  • Organization Name (i.e., the company)
  • Organizational Unit (i.e., the department)
  • Country Code
  • State or Province
  • Locality
  • Common Name (i.e., www.domain.com)


Note about common name: The term "common name" is X.509 speak for the name that distinguishes the certificate and ties it to your organization. In the case of SSL Web Server certificates, enter the exact host and domain name that you wish to secure. This may also be the root server or intranet name for your organization.

Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name in this field. If you enter mydomain.com, then the certificate issued to you will only work error-free on that exact domain name. It will cause an error when you or your users access the domain name as www.mydomain.com.


Note about certificate renewals: Usually, before you can renew a certificate, a new key/CSR pair has to be generated off the server, the key must be backed up, and the newly created CSR has to be submitted through the renewal process. However, when renewing a certificate requested for any of the server software platforms listed in the Thawte knowledge base solution below, you do not need to submit a new or renewal CSR in order to get your renewal certificate. The renewal will use your old CSR. This means that the renewal certificate, once issued, will only work with the private key file that was originally used to create the CSR.

To view the list of server software platforms that have re-signable CSRs through the Thawte renewal system, refer to KB solution: SO157.
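The steps described above, as an added example that is not part of the original Thawte page: it assumes the OpenSSL command-line tool (the page itself covers many server platforms) and generates a key and CSR with the listed subject fields, then checks the CSR's common name and confirms which private key the CSR belongs to, which is what a re-used CSR at renewal depends on. The subject values, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: all subject values and file names below are constructed.

# make_csr DIR CN: create an RSA key and a CSR carrying the fields listed above.
make_csr() {
    (
        umask 077   # keep the private key readable by its owner only
        # -nodes leaves the key unencrypted on disk; protect it and back it up.
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1/server.key" -out "$1/server.csr" \
            -subj "/C=US/ST=California/L=San Francisco/O=Example Corp/OU=IT/CN=$2" \
            2>/dev/null
    )
}

# csr_cn CSR: print the Common Name stored in the CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_matches_key CSR KEY: succeed only if the CSR holds KEY's public key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# cn_covers CSR HOST: exact comparison, as the page describes for the CN.
cn_covers() {
    [ "$(csr_cn "$1")" = "$2" ]
}

# Demonstration in a throwaway directory.
tmp=$(mktemp -d)
make_csr "$tmp" www.mydomain.com
echo "Common Name in CSR: $(csr_cn "$tmp/server.csr")"
csr_matches_key "$tmp/server.csr" "$tmp/server.key" && echo "CSR matches private key"
cn_covers "$tmp/server.csr" mydomain.com || echo "CN does not cover mydomain.com"
rm -rf "$tmp"
```

Running `csr_matches_key` against the stored key before a renewal shows whether the server still holds the key that the old CSR was created from.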
