How do I generate the Certificate Signing Request (CSR) for my SSL certificate?
Generating a certificate signing request (CSR) for your SSL certificates in Windows IIS, OpenSSL and Apache w/mod_ssl.
Only University faculty or staff members my request SSL certificates. To obtain a SSL certificate for your server, log in to the WebStore and select Unit Purchase (certificates are not available for Personal Purchase). Place an order for SSL InCommon Comodo Certificate. We offer 1 and 2-year new requests and renewals.
- Fully qualified domain name of the server (example: www-s.department.uic.edu)
- Primary contact email address (must be a University of Illinois faculty/staff or department email address)
- Secure HTTP server vendor and version (example: Apache modssl 1.3.20, Microsoft IIS 4.0)
- Certificate signing request (CSR) generated by your secure server. A CSR is an ASCII text file that you create that looks something like this:
Certificate Signing Request (CSR)
The certificate signing request (CSR) must be created from a 2048-bit or larger key pair. Check the Comodo Knowledgebase for your particular web server and instructions for generating a certificate signing request. At some point during the process you will be prompted to enter values for the following six fields that will be encoded in your certificate:
- Common-name : server.department.uic.edu
- Organization : University of Illinois at Chicago
- Organizational Unit : Department Name
- Locality : Chicago
- State : Illinois
- Country : US
Enter the appropriate values for your server (Common-name) and department (Organizational Unit). All other fields should be entered exactly as shown (no abbreviations, punctuation, capitalization changes, extra spaces, etc.) If you are prompted for webmaster email address, phone number, or challenge phrase, enter any reasonable values. These three items are optional and not actually used to create your certificate. If during the process your server prompts you for a Certificate Authority, enter firstname.lastname@example.org.
Your server will either store the certificate request in a file or email it to email@example.com (it will tell you which of these things it does). If it stored the request in a file, email the contents of that file to firstname.lastname@example.org. After your request is processed, you will receive an email from email@example.com with directions on how to install the certificate. If you haven't received a response after three full business days since emailing your request, send a query to firstname.lastname@example.org.
SSL Comodo Wildcard Certificates
We typically discourage the use of Wildcard Certificates as they introduce risks above and beyond that of single-site certificates. Due to the potential sensitivity of certain websites, this is even more of an issue.
For example, if the cert were to be exposed/compromised, all systems using the cert would become vulnerable and need to be updated immediately. Also, loss of the cert, in combination with DNS spoofing, could lead to impersonation of any of the affected sites.
Wildcard Certificate must be approved by ACCC’s CISPO. In such a request ticket, please provide a description of the need for and how you will be using the Wildcard Certificate.
A Multi-Domain Certificate is a highly-recommended solution.
CSR GENERATION (APACHE W/MOD_SSL, NGINX, OS X)
CSR Generation: OpenSSL
Certificate Installation: Apache w/mod_ssl
CSR GENERATION (MICROSOFT IIS)
CSR Generation: Microsoft IIS 5.x & 6.x
CSR Generation: Microsoft IIS 7.x
CSR Generation: Microsoft IIS 8.x
CERTIFICATE INSTALLATION (MICROSOFT IIS)
Certificate Installation: Microsoft IIS 5.x & 6.x
Certificate Installation: Microsoft IIS 7.x
Certificate Installation: Microsoft IIS 8.x