IBM Support

How to Create A SHA2 Certificate Signing Request (CSR)

Technical Blog Post


How to Create A SHA2 Certificate Signing Request (CSR)


A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL or TLS Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.

While there are previous blog postings about using the IBM Sterling Certificate Wizard to generate a CSR, it is not capable of generating SHA2 (sometimes also abbreviated as SHA-2) requests. The industry is moving towards newer, more secure hash algorithms there are many other available tools to create a CSR to submit to a (CA).  The first place to look is at the CA's website. For example, the following popular CAs provide instructions:

Comodo CSR Generation Instructions
DigiCert CSR Generation Instructions
GeoTrust CSR Generation Instructions
Thawte CSR Generation Instructions
Symantec (formerly VeriSign) Generation Instructions

You can also use OpenSSL or free online websites. IBM is not a Certificate of Authority, so you should contact your respective CA if you require further assistance with generating your CSR.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]