Generating CSRs

Generating a certificate via OpenSSL

Instructions to generate certificates with openSSL can also be found documented here, on our support site.

To generate a CSR (Certificate Signing Request), open a terminal that has the openssl package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation:

1. Generate a **private** key for your server CA (Certificate Authority):
    $ openssl genrsa -des3 -out ca.key 4096

2. Create a certificate file using the generated CA private key:
    $ openssl req -new -x509 -days 3650 -key ca.key -out ca_file

3. Create a **private** key for your new SSL certificate:
    $ openssl genrsa -des3 -out server.key 2048

4.Create certificate signing request (CSR) for your SSL certificate:
    $ openssl req -new -key server.key -out server.csr

5. Sign the CSR we created above with our CA key, and export the signed x509 certificate:
    $ openssl x509 -req -days 365 -in server.csr -CA ca_file -CAkey ca.key -set_serial 01 -out cert_file

6. Export the private key file in the correct format:
    $ openssl rsa -in server.key -out key_file

Adding a new certificate is easy; See add a new certificate via appliance manager instructions here.

Generating non-production CSRs

WARNING! You should most likely use the OpenSSL method outlined ABOVE! Use the following online generator at your own risk, and ONLY for NON-PRODUCTION purposes. A ‘Private’ key generated by this link [or any third party] is, by definition, NOT private!!

If you need to quickly generate a non-production Certificate Signing Request (CSR), you can use this online CSR generator at your own risk: CSR Generator