首页>技术支持>SSL证书请求文件(CSR)生成指南 - Tomcat

SSL证书请求文件(CSR)生成指南 - Tomcat

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate a CSR in Cobalt Raq 550 follow the instructions below:

1. Select Server Management > Security > SSL. The Certificate Information for Server Desktop screen appears along with its associated buttons

2. To create a new self-signed certificate, click Create Self-Signed Certificateand configure the selections as follows:

* City. The city in which the organization is located or registered. It is important that this information is correct and can be verified with a local, regional, or national government, or other official organization.

* State or Province. The state, province, or region in which the above city is located. It is important that this information is correct and can be verified with a local, regional, or national government or other official organization.

* Country. Select the country in which the organization that will use this certificate is located or registered. It is important that this information is correct and can be verified with a local, regional, or national government or other official organization.

* Organization. The official name of the organization owning this certificate. In order to obtain a signed certificate from a certificate authority, the organization name and location must be verifiable with a local, regional, or national government or other official organization. In addition, the certificate authority must be able to verify that the person requesting the certificate is the owner or employee of the named organization.

* Organization Unit. The division or unit of the organization that is using this certificate. This is optional, but may be useful if the person applying for a signed certificate is an employee of a subsidiary of a larger organization.

* Contact Email. The email address to be contacted for information about this certificate.

* Certificate Expiration Date. The date after which the certificate should no longer be considered valid by client software attempting to connect to this server.

3. Click Create Signing Request to create a certificate signing request.

Note: In some cases, the state and province information does not apply, depending on the country and how it is divided into different areas.

4. After the fields are filled in, activate the Generate Self-Signed Certificate checkbox. This allows you to generate a self-signed certificate along with the signing request. The self-signed certificate can be used temporarily while you wait for the Certificate Authority to process your signing request. The certificate signing request can be submitted to a Certificate Authority to create a signed certificate that Web browsers can verify as authentic.

5. Click Manage Certificate Authorities to add or remove secondary certificate authorities for this site. The Certificate Authority Management for Server Desktop screen appears. Note: Secondary certificate authorities are usually not needed, but certain authorities issue an extra certificate to be used for client authentication in addition to the usual server certificate that most certificate authorities issue.

6. Configure the settings as follows:

* Certificate Authority Name. Enter a unique name to identify this secondary certificate authority.

* Select Certificate. Click Browse to select the file that contains the certificate authority?s certificate. The certificate should be the only thing in the file.

7. Click Import to import a signed certificate

8. Click Browse to select the text file containing the certificate to import.

The certificate file must contain both the private key and certificate sections if you are transferring it from another server. If the certificate is from a certificate authority to which you submitted a certificate signing request generated by this server, only the certificate is necessary, but it is okay if a private key is included with the signed certificate.

9. Click Export to download the current private key and certificate, so the certificate can be transferred to another server.

To generate the key and CSR for Cobalt XTR please follow the steps below:

Enable SSL on a virtual site:

1. Select the Server Management tab at the top. The ?Virtual Site List? table appears.

2. Click the green pencil icon next to the virtual site on which you want to enable SSL. The ?User List? table appears.

3. Select Site Settings > General on the left side.

4. Click to enable the check box Enable SSL.

5. Click Save Changes.

The server appliance saves the configuration of the virtual site.

Generate a self-signed certificate

Once the Server Administrator has enabled SSL, the Site Administrator must now create a self-signed certificate. The self-signed certificate can be signed later by an external authority.

1. Under the Site Management (<sitename>) tab, select Site Settings > SSL on the left side. The ?Certificate Subject Information? table appears.

2. Enter the following information:

Country?Enter the two-letter country code (for example, AU for Australia or US for United States).

State?Enter the name of the state (for example, New South Wales or California).

Locality?Enter the city or locality (for example, Sydney or Toronto).

Organization?Enter the name of the organization (for example, The Widgets Corporation).

Organizational Unit?As an option, enter the name of a department (for example, Hardware Engineering).

3. Select Generate self-signed certificate from the pull-down menu at the bottom.

4. Click Save Changes.

The server appliance processes the information and regenerates the screen with the new self-signed certificate in the Certificate Request and Certificate windows.

Notes

Links to Cobalt Manuals can be found below:

http://www.sun.com/hardware/serverappliances/

http://www.sun.com/hardware/serverappliances/documentation/

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.