Ask a Question

Advanced Search

Solution ID : SO22411

Last Modified : 05/02/2018

Certificate Signing Request (CSR) Generation Instructions for Redhat Secure Web Server

Solution

This document provides instructions for generating a Certificate Signing Request (CSR) for  Redhat Secure Web Server. If this document can not be used on the server, RapidSSL recommends that you contact the Redhat Secure Web Server vendor for additional information.


Step 1: Generate a Private Key

NOTE: When using Red Hat Linux Professional, you can choose whether or not to enable the password feature. This will require you to enter the password every time you start your secure server.  RapidSSL recommends that you use the password feature to increase the level of security.

With Password Feature

  1. Use the cd command to move to the /etc/httpd/conf directory. 
  2. As root, type the command:

    make genkey
     
  3. The private key will be generated and there will be a prompt to enter and confirm a password.  The password will need to entered every time the Secure Web Server is started. 
  4. The private key will be created and saved to a file named server.key. When using Red Hat Linux Professional, server.key should be located at /etc/httpd/conf/ssl.key

Without Password Feature

  1. Use the cd command to move to the /etc/httpd/conf directory. 
  2. As root, type the command all on one line:

    /usr/sbin/sslgenrsa -rand /dev/urandom -out ssl.key/server.key 2048
     
  3. Set the correct permissions for the key with the command:   

    chmod go-rwx ssl.key/server.key
     
  4. The private key will be created and saved to a file named server.key. When using Red Hat Linux Professional, server.key should be located at /etc/httpd/conf/ssl.key directory.
     
Step 2: Create the Certificate Signing Request
  1. In the /etc/httpd/conf directory, become root and type in one of the following two commands:

    For Red Hat Linux Professional, type in the following command:

    make certreq

    For Official Red Hat Linux Professional, International Edition, type in the following command (all on one line): 

    /usr/bin/openssl req -new -key /etc/httpd/conf/server.key -out /etc/httpd/conf/server.cs

     
  2. Enter information as prompted. The inputs will be incorporated into the CSR.

    - Common Name: The Common Name is the Host + Domain Name.  Example, www.bbtest.net
    - Organization: If the company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
    - Organizational Unit: The name of the department or organization unit making the request.
    - Locality: Enter the city or town name where the organization is headquartered, for example, Mountain View
    - State: Enter the state where the organization is headquartered.  Do not abbreviate the state or province name, for example: California
    - Country: Use the two-letter code without punctuation for country, for example: US
     
  3. A file named server.csr will be created. If you're using Official Red Hat Linux Professional, server.csr should be located at /etc/httpd/conf/ssl.csr
  4. A private key and CSR have been created.  The server.csr file contains the certificate request. To copy and paste the information into the enrollment form, open the file in Vi or a plaintext editor.
  5. Proceed with the Enrolment.

Contact Information

During the verification process, RapidSSL may need to contact your organization. Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.

Once the SSL certificate has been issued, refer to this link for installation instructions