Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

Generate and install a CSR on 2048-bit-not-compatible software

Since January 1, no recognized certification authority has provided certificates issued by an RSA private key lower than 2048 bits. More info

If your server can not handdle 2048-bit key and if there's is not patch available for your server (Aventail, Citrix...) then you'll have to use tierce tools such as Open SSL and import the private key and the linked certification chain in your platform.

First of all, make sure you can import those elements in your platform. Under the form of an individual imporation (private-key.key, certificate.cer ou .pem, intermediate authorities ca.cer) or of a huddled importation via a #PKCS12 file (.p12 or .pfx extention under windows). Those 2 solutions are described below:

Use Open SSL (individual importation)

Firstly generate a 2048-bit RSA private key and a certificate request linked to a #PKCS10 (CSR) format with Open SSL tools:
To do so, you can use our online OpenSSL helper:
Help with the creation of a CSR
or follow the instructions here:
Obtain a server certificate and Generate a CSR for Apache with OpenSSL

2 files will be created:

- The CSR file (certificate request) that you'll have to copy/paste to order your certificate renewal. See Access an order form.

- A private key, that you will have to save then to import in your platform along with the certificate when the last is delivered. Make a pkcs12 (.pfx or .p12) from files for openssl (.pem, .cer, .crt, ...)

Use a Windows server (huddled importation)

If you do not have open SSL, you can also perform the entire "Certificate request" procedure, including the generation of the CSR on an IIS server, in a temporary site. The procedure is described here for this:
IIS 5 or 6

Then, you just have to install your certificate on this same IIS server:
Install a certificate for Microsoft IIS5 or IIS6

And finally export your certificate and its private key in a .pfw file (PKCS12): Save your certificate for IIS5, IIS6 or IIS7 and private key

Microsoft Windows NT4

A 2048-bit RSA key cannot be generated via Microsoft windows NT4 administration interface. To do so, you'll have to use OpenSSL tools (cf here-above "Use OpenSSL").

Then you'll have to convert the private key to a NET format: openssl rsa -in -out -outform NET

It will allow you to import the private key in Windows NT4 versions that do not implement PFX format (#PKCS12) used nowadays.