SSL证书请求文件(CSR)生成指南 - F5 BIG-IP
重要注意事项 An Important Note Before You Start
在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了 私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
WoSign recommends that you contact the F5 BIG-IP vendor for additional information.
WoSign建议您联系F5 BIG-IP负载均衡设备的供应商获得更详细的指南!
Generate a Certificate Signing Request
Create a new certificate signing request using the Configuration utility. If you do not know the terms used, see the Terms Defined section below.
In the navigation pane, click Proxies.
On the Proxies screen, click the Create SSL Certificate Request tab.
In the Key Information section, select a key length and key file name.
In the Certificate Information section, enter information for your company.
Click Generate Certificate Request.
In the SSL Certificate Request screen, start the process of obtaining a certificate from your Managed PKI for SSL pages. (Your administrator will provide you with this URL.)
Terms Defined
Common Name
The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com". VeriSign certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
Organization Information
If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
The “Org Unit” field is the name of the department or organization unit making the request.
The Locality field is the city or town name, for example: Berkeley.
Do not abbreviate the state or province name, for example: California.
Use the two-letter code without punctuation for country, for example: CN.
测试CSR和把CSR发给WoSign, Start the certificate request process
生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.