Creating a valid CSR for the Certifying Authority

To ensure that users do not receive a warning when they reach your RTM web server, obtain a valid SSL Certificate from a certifying authority. To do this, first create a CSR. The CSR will be delivered to the Certifier. The Certifier will respond with a valid certificate.

On a RedHat based system, use the following instructions.

  1. Use a terminal application to log in to your server.
  2. Run the following command:
    openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr
  3. You will receive several prompts that you must complete. One of them will prompt you for the Common Name. Here is where you must enter the domain name of your server. In the case where you plan on using a Load Balancer in front of more than one web server use a wildcard domain name such as *.domain.com.
  4. After this step, you are now prepared to ship your CSR file to your Certifying Authority.
  5. When you order your Certificate, you will have to copy the text from the CSR file to the Certifiers request form. If you edit the CSR file with a text editor, you will find both a header and footer letting you know the start and end of the CSR string.
  6. Ensure that you save the server.key file. You will need it later when you install your certificate.
    Note: Make sure you name the server.key and server.csr to match your server’s name.