|
Sonicwall SSL Offloader
(CSR
Generation Procedures) |
|
 |
 |
| Key and certificate file names cannot contain spaces
and must be compatible with your workstation's operating
system. When prompted to either name a key or certificate
file or check the name of a key or certificate file, please
ensure the names follow these conventions. |
First Method
The openssl_config.txt file must
be in the current working directory.
If it is not, you must
specify the path to the file.
For Windows NT and Windows 2000,
the current default working directory is Program Files \SonicWALL
Corporation \SonicWALL Configuration Manager, and openssl_config.txt
is located there by default.
For Linux, the current working directory
is the directory from which you executed OpenSSL. However,
the openssl_config.txt file is located in the /etc directory
of the root. When you see the openssl_config.txt file name
in a listing, you must add "/etc/" before entering it.
genrsa -out key.pem 1024
req -new -key key.pem -out req.pem -config openssl_config.txt
The second command must be entered on one line.
genrsa -out key.pem 1024
req -new -x509 -out cert.pem -key key.pem -config openssl_config.txt
The second command must be entered on one line.
You will be prompted for additional information with each of these commands.
-----BEGIN CERTIFICATE REQUEST-----
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAU
AMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0
EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UEC
xMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wMTA4MDIwMDAwMDBaFw0
wMzA4MDIyMzU5NTlaMIGQMQswCQYDVQQGEwJVUz
ERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUC
FJpY2htb25kMSAwHgYDVQQKFBdDYXZhbGllciBU
ZWxlcGhvYm9uZGluZy5jYXZ0ZWwuY29tMIGfMA0
GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8x/1dxo
2YnblilQLmpiEziOqb7ArVfI1ymXo/MKcbKjnY2
-----END CERTIFICATE REQUEST----- 
When sending your CSR to EBIZID, you
MUST copy and paste the entire CSR Request, including the
beginning and ending lines as shown below.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Failure to do so will result in you having to resend your
CSR in the correct format to EBIZID which will cause a
prolonged delay in processing your order. |
| If you are ordering a Wildcard Certificate,
the Common Name field must be in the format of: *
. yourdomain . com |
| Backup the private key, as there is
no means to recover it should it be lost. The private key
is used as input in the command to generate a Certificate
Signing Request (CSR). EBIZID will reissue certificates
no more than 30 days from the time of purchase. If you
do not backup your key and your server fails or other problems
occur after the 30 days, you will then be required to purchase
a new certificate. An ounce of prevention is all that is
required to prevent this from happening. |
| Should you choose to enter and use a
Private Key password, you will need to make sure that you
save that password in a secure place. If you ever need
to reinstall your certificate for any reason, you will
be required to enter that password. If you forget the password
and it is past 30 days from your purchase date, then you
will be required to purchase a new certificate. An ounce
of prevention will prevent this from happening. |
Second Method
Generating a Certificate Signing Request (CSR) using SonicWALL SSL Offloader
Step 1: Install OpenSSL
In order to be able to generate a CSR, you will need to have OpenSSL installed on your computer.
Step 2: Create your Certificate Signing Request
To generate a key pair consisting of Private Key and Certificate Signing Request (CSR) use the following command:
openssl req -new -des3 -keyout key.pem -out req.pem
You will now be asked to enter the following data for your CSR:
• Country Name: Enter the two-letter country code for your country
• State or Province Name: Enter the name of the State or Province in which your organization operates. Do not abbreviate
• Locality Name: Enter the name of your city, town, or other locality
• Organization Name: Enter the name of your organization
• Organizational Unit: Enter the name of your division, department, or other operational unit of your organization
• Common Name: Enter the domain name that you want to use your SSL certificate with
• E-mail address: Enter your e-mail address
• Challenge Password: Enter a password with at least 6 characters. Do not forget the password, you will need it to install the certificate
• Optional Company Name: Enter '.' to leave the field blank
You will now have created two files, the Private Key file named key.pem and Certificate Signing Request (CSR) file named req.pem
When asked to "Copy & Paste" your CSR into the CSR field during the order process, open the req.pem file with a text editor and copy and paste the content into the CSR field on the order form.
For additional information visit the OpenSSL Website or the Sonicwall Website
|
|
