Ask a Question

Advanced Search

Solution ID : SO2639

Last Modified : 05/08/2019

Generate a CSR for 4D Webstar Server Suite


Generate a CSR
Generate a private key


This document provides instructions for generating a Certificate Signing Request (CSR) for 4D WebSTAR. If you are unable to use these instructions for your server, Thawte recommends that you contact WebSTAR vendor.
Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
Step 1.  Generate a Key Pair

Note: All certificates must have a minimum 2048 bit key size.
  1. Launch the Key Generator application in the >Tools & Examples folder >SSL Tools folder.
  2. Enter a password to protect your key. You'll need it later to authorize WebSTAR SSL to use your public/private key pair.
    Note: Do not forget this password! If you do, the private key cannot be recovered: there is no "back door" to this security.
    Make sure that the password is at least 8 characters long, includes letters, numbers and punctuation, and is not a name or a word.
  3. Click the Create Key button to generate your private key file.
  4. Name the file like "Private Key File" (the default), and save it in the root folder for the SSL host (the WebSTAR folder or the host folder if you have a secondary IP host).
  5. When the key file is created, the Key Generator will beep and allow you to click OK , then it will quit.
  6. Make sure that the key file is in your WebSTAR folder. If it's not there, move it into that folder now.

Step 2. Generate a Certificate Signing Request

  1. Launch the CSR Utility application in the >Tools & Examples folder >SSL Tools folder.
  2. Click Choose and select the Private Key file you created. Once you select a private key file, the key file and the Certificate you will receive will be a signed Certificate pair, and cannot be separated
  3. Enter the password required to access your public/private key pair (the password you entered when generating the key pair, as described in Generate a Key)
  4. Click the Create button to generate your encrypted Certificate request form. This command will prompt for the following X.509 attributes of the certificate:
  • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
  • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
  • Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
  • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
  • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
  • Common Name (CN): The Common Name is the Host + Domain Name. It looks like "" or "".
    Note: Thawte certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "" will receive a warning if accessing a site named "" or "", because "" and "" are different from "". 
  • Do not enter your email address, challenge password or an optional company name when generating the CSR.
  1. The application creates a file named Certificate Request by default. You can use that name or rename it.
  2. Quit the CSR Utility program.
  3. You have just created a key pair and a CSR.
  4. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
  5. Copy and paste the information into the enrollment form when required.
  6. Verify your CSR
Contact Information
         During the verification process, Thawte may need to contact your organization. Be sure to provide an email address,
         phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.

 Once the SSL certificate has been issued, follow the steps from this link to install it on the server:  SO14974