Generating an SSL Certificate Signing Request

You can use the OpenSSL utility to create an SSL Certificate Signing Request (CSR) for each of your applications.

If you are using a UNIX or Linux machine, the OpenSSL utility should be installed by default. If you are using a Windows machine, you can download the OpenSSL utility from http://www.openssl.org/.

To Generate an SSL Certificate Signing Request using OpenSSL

Depending on your platform, do one of the following:

Linux: Open a terminal window.
Windows: Open a command prompt window, and navigate to the location where OpenSSL is installed. By default, this is C:\OpenSSL-Win32\bin.

To Generate a Private Key for the Server

Type the following command, and press Enter:
openssl genrsa –des3 –out Server_key.key
Where Server_key.key is the name of the private key file. By default, the private key file is created in the current location. To create the file at a different location, replace Server_key.key with a path to create the new file.
You are prompted for a pass-phrase for the key.
Type a secure pass-phrase for the key, and press Enter. The key file is created.

To Generate the Certificate Signing Request

Type the following command, and press Enter:
openssl req –new –key Server_key.key –out Server_CSR.csr
Where Server_key.key is the private key file that you created, and Server_CSR is the CSR file.
You are prompted for information such as your organization's name, department name, country code, and so on. Type the information about your organization as you are prompted. When prompted for a Common Name, type the fully qualified domain name of the server that the application runs on. For example, if Intelligence Server runs on a machine called intelligenceserver, and your domain is yourcompany.com, the fully qualified domain name is intelligenceserver.yourcompany.com.
When you have entered all the required information, the CSR file is created
Repeat this procedure for every application that you need a certificate for.