SSL证书请求文件(CSR)生成指南 - Zeus
重要注意事项 An Important Note Before You Start
在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
Zeus Server allows each of your virtual servers to have their own SSL certificates. This allows multiple secure sites to run on the same Zeus server. Each virtual server requires its own public and private certificates for secure communication.
Secure certificates are added to a virtual server by clicking on the SSL Configuration link from the Edit Server page. The easiest way to configure SSL on your virtual server is to use the 'SSL Quick Setup' wizard. Click the 'SSL Quick Setup' button and fill in the form
You can configure your SSL server manually. You can use the cert tool ($ZEUSHOME/admin/bin/cert)or an equivalent tool like openssl to generate the keys and certificates.
Generating a private key:
$ $ZEUSHOME/admin/bin/cert -new -type private -keysize 1024 -out private.key
Generating keys, this may take a few seconds
Your new private key has been written to 'private.key'
Generating a certificate request:
$ $ZEUSHOME/admin/bin/cert -new -type request -key private.key -out cert.csr
The following information is required to make up the certificate.
Optional fields can be left blank by entering a '.'
Country: GB
State/Province : London
Locality (town/city): Cambridge
Organisation: Zeus
Organisational Unit: Zeus Support
Common Name (full DNS name of the machine): www.domain.com
Your certificate request has been written to the file 'cert.csr'.
Generating a public certificate: $ $ZEUSHOME/admin/bin/cert -new -type public -key private.key -out public.cert
The following information is required to make up the certificate.
Optional fields can be left blank by entering a '.'
Country: GB
State/Province : London
Locality (town/city): Cambridge
Organisation: Zeus
Organisational Unit: Zeus Support
Common Name (full DNS name of the machine): www.zeus.com
Your new public certificate has been written to the file 'public.cert'.
Displaying the public certificate:
$ $ZEUSHOME/admin/bin/cert -in public.cert -text
X509 Certificate:
Certificate Info:
Version: 00
Serial Number: 00
Signature Algorithm: md5withRSAEncryption
Issuer:
C=GB, ST=London, L=Cambridge, O=Zeus, OU=Zeus Support, CN=www.zeus.com
Validity:
Not Before: Mon, 15 May 2000 17:40:11 GMT
Not After: Tue, 15 May 2001 17:40:11 GMT
Subject:
C=GB, ST=London, L=Cambridge, O=Zeus, OU=Zeus Support, CN=www.zeus.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryptionPublic Key:
Modulus:
c4:84:c7:63:36:e0:d4:52:fb:41:44:31:38:9b:91:5e:62:
....
Exponent:
01:00:01
Signature Algorithm:
md5withRSAEncryption
Signature:
29:eb:c2:62:73:b8:b7:82:94:33:1f:da:9b:83:39:8b:75:1c:47:f5:41: ....
Verifying Key/Certificate pairs:
$ $ZEUSHOME/admin/bin/cert -check -key private.key -in public.cert
测试CSR和把CSR发给WoSign, Start the certificate request process
生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.