Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the "close" button below to close this window and continue to the next step. OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.

1. Install OpenSSL, if not found on your server. (The OpenSSL version should match your Apache version)
2. Create a RSA private key for your Apache server, with triple-DES encryption and PEM-formatted:

   openssl genrsa -des3 -out domainname.key 1024

   Warning: Backup this key and its passphrase. If you lose the private key or forget its passphrase, you must purchase another certificate.

3. You could also create a private key without triple-DES encryption:
   
   openssl genrsa -out domainname.key 1024
   
   You can view the contents of the private key by using the following command:
   
   openssl rsa -noout -text -in domainname.key
   
   The private key text should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

4. Now create a Certificate Signing Request using the RSA private key created above (output will be PEM format):
   
   openssl req -new -key domainname.key -out domainname.csr
   
   * Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.
5. When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

   DN Field	Explanation	Example
   Common Name	The fully qualified domain name for your web server. This must be an exact match.	If you intend to secure the URL https://www.adgrafics.com, then your CSR's common name must be www.adgrafics.com.
   Organization	The exact legal name of your organization. Do not abbreviate your organization name.	GeoTrust
   Organization Unit	Section of the organization	Marketing
   City or Locality	The city where your organization is legally located.	Wellesley Hills
   State or Province	The state or province where your organization is legally located. Can not be abbreviated.	Massachusetts
   Country	The two-letter ISO abbreviation for your country.	UA

6. You will be prompted for extra attributes (i.e., a challenge password and optional company name); we recommend you leave these attributes empty (just hit Enter).
7. You can verify the contents of your CSR by using the following command:
   
   openssl req -noout -text -in domainname.csr
   
   
8. Submit your CSR to GeoTrust - you will be asked to complete the agreement and the enrollment form as well.