Ask a Question

Advanced Search

Solution ID : SO2545

Last Modified : 05/02/2018

Generate a CSR for iPlanet 4.x


Generate csr for Iplanet 4.x
How do I generate a csr for Iplanet 4.x


To activate the SSL protocol for your server, you will need to perform the procedures outlined in the following sections: 

  1. Create a New Server Instance
  2. Create a Certificate Trust Database
  3. Requesting a Certificate
  4. Installing and Managing Certificates

Note: A key length of 1024 bit is the default, but Thawte requires the use of a minimum 2048 bit key.


1. To add another server instance, perform the following steps:

  1. Access the Enterprise Administration Server and choose the Servers tab.
  2. Click the Add Server link.
  3. Enter the desired information for the specified fields. 

2. To create a Certificate Trust Database:

A certificate database is a key-pair and certificate database installed on the local host. When you use an internal token, the certificate database is the database into which you install the key and certificate. In Enterprise Server 4.0, each server instance (including the Enterprise Administration Server) has its own certificate/key pair which is referred to as a trust database.

A key-pair file contains both the public and private keys used for SSL encryption. You use the key-pair file when you request and install a certificate.

The key-pair file is stored encrypted in the following directory:

When you create the key, you specify a password that you later use when you request the certificate and when you start a server that is using encrypted communications.

To create the certificate trust database, perform the following steps:

  1. Access the Enterprise Administration Server
  2. Choose the Security tab.
  3. Select the desired cryptographic module (the PKCS#11 cryptographic module is the default).
  4. Type the password in Database Password.
  5. Re-type the password in Password (again).
  6. Click OK.

Note: If no database exists, Enterprise Server creates the proper key and certificate database files and stores them in the alias/ directory (otherwise, Enterprise Server displays an error message).


3. Requesting a Certificate:

  1. Access the Enterprise Administration Server.
  2. Choose the Security tab.
  3. Click the Request Certificate link.
  4. In the form that Enterprise Server displays, specify if this is a new certificate or a renewal.

Type your identification information. The information required is listed as follows:

Common Name must be the fully qualified hostname used in DNS lookups (for example, This is the hostname in the URL that a browser uses to connect to your site. It is important that these two names are the same, otherwise a client is notified that the certificate name doesn?t match the site name, which will make people doubt the authenticity of your certificate. However, some CAs might require different information, so it is important to contact them. Note that you can not use wildcards in a common name.
Organization is the official, legal name of your company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).
Organizational Unit is field that describes an organization within your company. This can also be used to note a less formal company name (without the Inc., Corp., and so on).
Locality is an field that usually describes the city, principality, or country for the organization.
State or Province is required, and no abbreviated.
Country is a required, two-character abbreviation of your country name (in ISO format). Example: The country code for the United States is US.

Note: All this information is combined as a series of attribute-value pairs called the distinguished name (DN), which uniquely identifies the subject of the certificate.
Double-check your work to ensure accuracy. The more accurate the information, the faster your certificate is likely to be approved.
Click OK once you've checked that the information is correct.


4. To install the issued Certificate, please refer to the following solution:  SO2546