Generating a Server Certificate Request

A server certificate request is used to obtain a certificate from a certificate authority (CA). A CA is a trusted third party that vouches for the identity of individuals and organizations. Essentially the certificate authorities maintain a large database of public keys which are distributed as requested. Entrust, Thawte, and Verisign are some well know CA's, each of which provide on-line ordering systems for server and client certificates.

A digital certificate must follow a specific format and be encoded in x.509 format to be accepted by the CA's online ordering system.

To create a server certificate request:

  1. Go to Certificates:Generate to display the Generate New Certificate or Request dialog.

  2. Select the Server Certificate radio button, the Request radio button, and the appropriate Key Size radio button. Key sized greater than 768 bits are recommended.

  3. Enter the Certificate Name: It must be 8 characters or fewer containing numbers, letters, or underscores. It is used to create the certificate and private key filenames.

  4. Enter the Challenge Password: It must be at least four characters containing numbers, letters, or underscores. It is used to protect the private key file from unauthorized use.

  5.  Enter the Common Name: This is generally a computer name or address. Some CAs require that this field not contain any blanks or special characters.

  6. Enter the Email Address: This may be used when generating Client Certificates or Client Certificate Requests and may be left blank for Server or Signing Certificates.

  7.  Enter the Organization Name: This specifies the Organization Name portion of the Distinguished Name field.

  8. Enter the Organization Unit: This specifies the Organization Unit portion of the Distinguished Name field.

  9. Enter the Locality or City: This specifies the Locality portion of the Distinguished Name field.

  10. Enter the State or Province: This specifies the State or Province portion of the Distinguished Name field. Some CAs require that this field contain the full state name.

  11. Enter the Country Code: This specifies the Country Code portion of the Distinguished Name field.

  12. Enter the Validity Period: This field is set by the CA and is not part of the Certificate Request.

  13. Click the Generate... button to generate the certificate and key files.

  14. The Certificate Request Complete dialog appears indicating the name and location of the Certificate Request.

  15. Submit the Certificate Request using the instructions provided by the chosen Certification Authority (CA).

  16. Go to Installing a Server Certificate