Generate a Certificate Signing Request (CSR)

Apache + SSLeay

Follow these instructions to generate a CSR for your Web site. When you have
completed this process, click the “close” button below to close this window
and continue to the next step.

  1. Install SSLeay, if not found on your server.
  2. Create a RSA key for your Apache server:

    If you have a different path, cd to your server’s private key directory.

  3. Type the following command to generate a private key that is file encrypted.
    You will be prompted for the password to access the file and also when starting
    your webserver: Warning: If you lose or forget the
    passphrase, you must purchase another certificate.

    SSLeay genrsa -des3 -out domainname.key 1024

You could also create a private key without file encryption:

SSLeay genrsa -out domainname.key 1024

Note: We recommend that you name the private key using
the domain name that you are purchasing the certificate for ie domainname.key

  1. Type the following command to create a CSR with the RSA
    private key (output will be PEM format):

    SSLeay req -new -key domainname.key -out domainname.csr

    * Note: You will be prompted for your PEM passphrase if you included the
    “-des3″ switch in step 3.

  2. When creating a CSR you must follow these conventions. Enter the information
    to be displayed in the certificate. The following characters can not be accepted:
    < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

    DN Field



    Common Name The fully qualified domain name for your web
    server. This must be an exact match.
    If you intend to secure the URL,
    then your CSR’s common name must be
    Organization The exact legal name of your organization.
    Do not abbreviate your organization name.
    Organization Unit Section of the organization Marketing
    City or Locality The city where your organization is legally
    Wellesley Hills
    State or Province The state or province where your organization
    is legally located. Can not be abbreviated.
    Country The two-letter ISO abbreviation for your country. US
  3. Do not enter extra attributes at the prompt.
  4. Warning: Leave the challenge password blank (press


    Note: If you would like to verify the contents of the
    CSR, use the following command:

    SSLeay req -noout -text -in domainname.csr

  5. Cut-and-paste your CSR with a text editor, then submit your CSR to GeoTrust
    by clicking on
    You will be asked to complete the agreement and the enrollment form as well.

Create a backup of your private key!

Make a copy of the private key file (domainname.key)
generated in step 3 and store it in a safe place! If you lose this file, you
must purchase a new certificate.

* The private key file should begin with (when using a text editor)


To view the contents of the private key, use the following command:

    SSLeay rsa -noout -text -in domainname.key