SSL证书请求文件(CSR)生成指南 - Orion Web Server

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥，如果您丢了私钥或忘了私钥密码，则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件，免费重新颁发新的证书。为了避免此情况的发生，请在生成CSR后一定要备份私钥文件和记住私钥密码，最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

Orion Webserver Keygen Instructions

Creating a keystore with a certificate:

1. keytool -genkey -keyalg "RSA" -keystore keystore -storepass 123456 -validity 360

2. keytool -certreq -keyalg "RSA" -file my.host.com.csr -keystore keystore

3. Submit your CSR to Thawte.

4. paste the certificate once issued into my.host.com.cer

5. keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file my.host.com.cer

You should now have a keystore file in your current directory

Creating a secure site:

1. Copy the default-web-site.xml config in the /config directory to secure-web-site.xml and edit it.

2. Add secure="true" as an attribute to the tag.

3. Add the keystore to the main body.

4. Install the site, this is done by adding %lt;web-site path="./secure-web-site.xml" /> the site to server.xml.

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后，建议您自己测试一下生成的CSR文件是否正确，请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器，等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.