首页>技术支持>SSL证书请求文件(CSR)生成指南 - Quid Pro Quo Secure

SSL证书请求文件(CSR)生成指南 - Quid Pro Quo Secure

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To request a certificate do the following:

1. Launch Quid Pro Quo Secure, and select "Request Certificate..." from the Control menu.

You will be presented with the Certificate Request dialog.

To create your request, you must fill out the required information, and generate a private key.

2. Generate your private key. If you are using a US-only version of Quid Pro Quo Secure, you will have three options for private key sizes: 512, 768, and 1024 bits.

The recommended key size if 1024 bits.

It is the most secure key available, and there is little reason for choosing a smaller key size. If you are using an exportable version of Quid Pro Quo Secure, you will only have the 512 bit key size available.

3. Click the "Generate" button. After a few seconds (or more, depending on the size of the key selected and the speed of your computer's processor), you be asked to save your private key.

4. Save the file in your Quid Pro Quo Secure application folder, giving the file whatever descriptive name you would like, such as "Server Private Key".

5. Enter information for all requested information fields. In order to generate your request, you must fill out all of the fields:

Webmaster (This is either your name or the name of the person that will be the contact point for the certificate authority.

If the certificate authority needs to verify information or otherwise contact your organization, this is the person they will contact.)

Common Name (This is the domain name of your server exactly as users will type it into their browsers, for instance " www.socialeng.com ")

Wildcard characters, such as "*.socialeng.com" are not allowed. It is important to get the domain name correct; if its not, users will get a warning dialog each time they connect to your site.

Contact Email Address (This is the email address of the person listed in the Webmaster field)

Organization (This is the name of your organization as you would like it to appear in your certificate.

Certificate authorities will verify your right to use the name that appears in this field, so it should be the full legal name of your organization, for instance "Social Engineering Incorporated".)

Organization Unit (This field is used to describe the sub-group of your organization for

Locality This is the city in which your organization is located, for instance "Berkeley" )

State (This is the non-abbreviated name of the state or province in which your organization is located, for instance "California" )

Country Code (This is the two character ISO country code for the country in which your server is located, for instance in the United Stated, "US", and in Canada, "CA" )

Telephone Number (This is the telephone number of the person listed as your contact in the Webmaster field.)

When you have all of the fields filled out and your private key has been generated, click the "OK" button.

Your certificate request will be generated and you will be asked to save the request. Save the file.

Quid Pro Quo Secure certificate requests are created in standard PKCS #10 format.

This is the format accepted by Thawte.

The certificate request you have created is saved as a SimpleText file with a plain-text description of the certificate request and the PKCS-encoded certificate request.

The request will look something like:

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIB1DCCAT0CAQAwgZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh

MREwDwYDVQQHEwhCZXJrZWxleTEoMCYGA1UEChQfU29jaWFsIEVuZ2luZWVyaW5n

IEluY29ycG9yYXRlZDEYMBYGA1UECxQPV2lkZ2V0IERpdmlzaW9uMRowGAYDVQQD

FBF3d3cuc29jaWFsZW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA

u4/YSMVdCDEwPraIMIg5CpOXLREoF3CPQLHUF48XJiGBROxFOKcp5vkAqSRionVD

tbUFVGXFzc4dB8Ofsul1ryZRIbgAU2gkOsoKC+qzOS8wl/3Eqd6h7IDG1VjdfJ5A

oPvAE4l73PjaKfL3o1T3/FW/iMbCsA3Fx6rM0ti6jWMCAwEAATANBgkqhkiG9w0B

AQQFAAOBgQBULi2DAHKpUwXM66imT/SqYa5E1GJZan5lpyVbf3LFdHw3BtlOapGM

WuVEODtWOSTkbaqxBz4VthcnH/5gpfVIeH2pU1NYsGtwF2zW2tWTjRadZ2od2S12

SxPzPYe4k6+QWJHrFrvd12nLV38QiVvsW2TPPPTI2vZ1FOqe2ZklhA==

-----END NEW CERTIFICATE REQUEST-----

Copy your newly generated request (including the "-----BEGIN..." and "-----END..." tags) to the clipboard.

This is the CSR that you have to paste into the Thawte online form.

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.