SSL Certificates

CSR Instructions - Apache + Raven

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to eWAY in order to be generated into a SSL Security Certificate.

OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, substitute ssleay with openssl for the commands.

  1. Enter Server Name (Common Name).

  2. Select size of encryption key (1024 recommended).

    *Note: The encryption key size (512 bit, 1024 bit) has nothing to do with the actual session key (128 bit, 40 bit).

  3. Enter pass phrase to encrypt key.

    Warning: If you lose the passphrase, you must purchase another certificate.

    See the certificate replacement policy at the bottom of these instructions.

  4. Choose the server to request a certificate for:
    Version 1.5.1 select NO to send the CSR
    Version 1.5 select YES to send the CSR
    Note: If you select no, a required field will be missing and the CSR will be invalid.
    Version 1.5x enter the same pass phrase entered generating the private key above.

  5. Enter the information to be displayed in the certificate.

    Distinguished Name Fields Explanation Example
    Country Name The two-letter ISO abbreviation for your country. US = United States
    State or Province Name The state or province where your organization is located. Can not be abbreviated. Georgia
    City or Locality The city where your organization is located. Atlanta
    Company (Organization) Name The exact legal name of your organization. Do not abbreviate your organization name. My Company, Inc
    Organizational Unit Optional for additional organizational information. Marketing
    Common Name (Server Host Name) The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match. If you intend to secure the URL https://secure.mydomain.com, then your CSR's Server Hostname must be secure.mydomain.com
    Server Administration email address (if applicable) Your email address abc@mydomain.com

  6. Send the CSR to your email address or display the CSR on your console.

  7. Exit RavenCTL.

  8. While waiting for your certificate from eWAY, you can use the self-signed certificate generated above.

    **** Note: If you would like to verify the contents of the CSR, use the following command:

    $ openssl req -noout -text -in server.csr

  9. Create a backup of your private key!

    Backup the servername.key file from the raven/module/pki/keys directory to a secure location and remember the PEM passphrase (step 3).

    **** Note: To view the contents of the private key, use the following command:

    $ openssl rsa -noout -text -in servername.key

  10. Submit your CSR to eWAY® by clicking on <Continue>, you will be asked to complete the agreement and the enrollment form as well.

» Return to CSR Instruction List