Ask a Question

Alert ID : INFO803

Last Modified : 05/03/2018

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for SonicWALL SSL Offloaders

Description


This document provides instructions for generating a Certificate Signing Request (CSR) for SonicWALL SSL Offloaders. If unable to use these instructions for the server, Symantec recommends that you contact the server vendor or the organization, which supports SonicWALL.

NOTE: To generate a CSR, you will need to create a key pair for the server. These two items are a digital certificate key pair and cannot be separated. If you lose the private key file or your password and generate a new one, the SSL Certificate will no longer match.

To generate a Private Key and CSR, perform the steps bellow:

  1. Create a directory called ‘C:\test’.
  2. Launch OpenSSL.
  3. Enter the following command to create a private key:

    genrsa -des3 -out c:\test\key.pem 2048
     
  4. Enter in a passphrase to protect the key (at least six characters).
  5. Enter the following command to create a certificate request:  
     
    req –new –key c:\test\key.pem –out c:\test\req.pem –config openssl_config.txt 
     
  6. Fill in the required fields for the certificate you want to generate:
     
    • Common Name: The fully-qualified domain name to which your certificate will be issued.
    • Organization: The full legal name of your company.
    • Organizational Unit: Use this field to differentiate between divisions within an organization.
    • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
    • State or Province: Enter the full name of your state or province. 
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
       
  7. You have now created a private key and a CSR.
  8. Verify your CSR using our tool.
  9. Open the CSR file in a text editor that does not add extra characters (Notepad or Vi are recommended).
  10. Copy and paste the information into the enrollment form when required.


Once the SSL certificate has been issued, follow the steps from this link to install it on the server.