Manually Create a CSR in Windows
When using SSL on Windows, you must create a Certificate Signing Request (CSR) to receive an SSL certificate.
- A CSR is a data file that contains the Public Key and your domain details.
- You will submit the CSR to your SSL provider.
- Your provider will verify and then issue a SSL certificate in a .crt file.
You should use the FileCloud control panel to create a CSR. If you encounter issues, you can create the request manually.
Create a CSR using the FileCloud Control Panel
To manually create an SSL certificate, you can use the openssl tool included with FileCloud Server.
To manually create a CSR:
1. On the FileCloud server, navigate to the following directory:
c:\xampp\apache\bin
2. To open the tool, double-click OpenSSL.
3. To create a Private Server Key, type the following code: (If your SSL provider does not accept key lengths of 2048, a higher length of 4096 can be used in the follwing command.)
C:\xampp\apache\bin>openssl genrsa -des3 -out server.key 2048 -config "C:\xampp\apache\conf\openssl.cnf"
4. To create a Certificate Request (CSR), type the following command:
C:\xampp\apache\bin>openssl req -new -key server.key -out server.csr -config "C:\xampp\apache\conf\openssl.cnf"
5. You will be prompted to enter the following information:
Information | Example | Notes |
---|---|---|
Country Name | US | 2 letter code |
State or Province Name | TEXAS | full name - no abbreviations |
Locality Name | Houston | full city name |
Organization Name | Internet Widgits Pty Ltd | company name |
Organizational Unit Name | Accounts Payable | section name |
Common Name | filecloud.IWPL.com | server FQDN or YOUR name Be sure to enter the actual server's fully qualified name filecloud.yourdomain.com If it is a wildcard certificate for all sub domains (for example for using multi tenancy), then be sure to enter *.yourdomain.com *.yourdomain.com |
Email Address | moneyman@iwpl.com | |
A challenge password | Use the same passphrase you typed in when opening the tool. |
6. Apache won't start up properly if the key is secured with passphrase, so to remove it, type the following command:
copy server.key server.key.secure openssl rsa -in server.key.secure -out server.key
7. You can now submit the CSR to your SSL provider.
The provider will sign and give you an SSL certificate usually called as server.crt.