Generating CSRs
Generating a Certificate Via OpenSSL
Instructions to generate certificates with openSSL can also be found documented here, on our support site.
To generate a CSR (Certificate Signing Request), open a terminal that has the openssl package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation:
-
Generate a private key for your server CA (Certificate Authority):
$ openssl genrsa -des3 -out ca.key 4096 -
Create a certificate file using the generated CA private key:
$ openssl req -new -x509 -days 3650 -key ca.key -out ca_file -
Create a private key for your new SSL certificate:
$ openssl genrsa -des3 -out server.key 2048 -
Create certificate signing request (CSR) for your SSL certificate:
$ openssl req -new -key server.key -out server.csr -
Sign the CSR we created above with our CA key, and export the signed x509 certificate:
$ openssl x509 -req -days 365 -in server.csr -CA ca_file -CAkey ca.key -set_serial 01 -out cert_file -
Export the private key file in the correct format:
$ openssl rsa -in server.key -out key_file
Adding a new certificate is easy; See add a new certificate via appliance manager instructions here.
Generating Non-Production CSRs
We recommend using the OpenSSL method outlined above. Use the following online generator at your own risk, and only for non-production purposes. A 'private' key generated by this link (or any third party) is unlikely to be truly private.
If you need to quickly generate a non-production Certificate Signing Request (CSR), you can use this online CSR generator at your own risk: CSR Generator.