Certificate Signing Request (CSR) Generation Instructions for Redhat Secure Web Server

Solution ID:    SO22411    Updated:    07/27/2016

Solution

This document provides instructions for generating a Certificate Signing Request (CSR) for  Redhat Secure Web Server. If this document can not be used on the server, RapidSSL recommends that you contact the Redhat Secure Web Server vendor for additional information.


Step 1: Generate a Private Key

NOTE: When using Red Hat Linux Professional, you can choose whether or not to enable the password feature. This will require you to enter the password every time you start your secure server.  RapidSSL recommends that you use the password feature to increase the level of security.

With Password Feature

  1. Use the cd command to move to the /etc/httpd/conf directory. 
  2. As root, type the command:

    make genkey
     
  3. The private key will be generated and there will be a prompt to enter and confirm a password.  The password will need to entered every time the Secure Web Server is started. 
  4. The private key will be created and saved to a file named server.key. When using Red Hat Linux Professional, server.key should be located at /etc/httpd/conf/ssl.key

Without Password Feature

  1. Use the cd command to move to the /etc/httpd/conf directory. 
  2. As root, type the command all on one line:

    /usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 2048
     
  3. Set the correct permissions for the key with the command:   

    chmod go-rwx ssl.key/server.key
     
  4. The private key will be created and saved to a file named server.key. When using Red Hat Linux Professional, server.key should be located at /etc/httpd/conf/ssl.key directory.
     
Step 2: Create the Certificate Signing Request
  1. In the /etc/httpd/conf directory, become root and type in one of the following two commands:

    For Red Hat Linux Professional, type in the following command:

    make certreq

    For Official Red Hat Linux Professional, International Edition, type in the following command (all on one line): 

    /usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.cs

     
  2. Enter information as prompted. The inputs will be incorporated into the CSR.

    - Common Name: The Common Name is the Host + Domain Name.  Example, www.bbtest.net
    - Organization: If the company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
    - Organizational Unit: The name of the department or organization unit making the request.
    - Locality: Enter the city or town name where the organization is headquartered, for example, Mountain View
    - State: Enter the state where the organization is headquartered.  Do not abbreviate the state or province name, for example: California
    - Country: Use the two-letter code without punctuation for country, for example: US
     
  3. A file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr should be located at /etc/httpd/conf/ssl.csr
  4. A private key and CSR have been created.  The server.csr file contains the certificate request. To copy and paste the information into the enrollment form, open the file in Vi or a plaintext editor.
  5. Proceed with the Enrolment.

Contact Information

During the verification process, RapidSSL may need to contact your organization. Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.

Once the SSL certificate has been issued, refer to this link for installation instructions
 

Legacy ID

vs42090

Disclaimer:

RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers


Search Tips