SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


Generate and install a CSR on 2048-bit-not-compatible software

Since January 1, no recognized certification authority has provided certificates issued by an RSA private key lower than 2048 bits. More info

If your server can not handdle 2048-bit key and if there's is not patch available for your server (Aventail, Citrix...) then you'll have to use tierce tools such as Open SSL and import the private key and the linked certification chain in your platform.

First of all, make sure you can import those elements in your platform. Under the form of an individual imporation (private-key.key, certificate.cer ou .pem, intermediate authorities ca.cer) or of a huddled importation via a #PKCS12 file (.p12 or .pfx extention under windows). Those 2 solutions are described below:

Use Open SSL (individual importation)

Firstly generate a 2048-bit RSA private key and a certificate request linked to a #PKCS10 (CSR) format with Open SSL tools:
To do so, you can use our online OpenSSL helper:
Help with the creation of a CSR
or follow the instructions here:
Obtain a server certificate and Generate a CSR for Apache with OpenSSL

2 files will be created:

- The CSR file (certificate request) that you'll have to copy/paste to order your certificate renewal. See Access an order form.

- A private key, that you will have to save then to import in your platform along with the certificate when the last is delivered. Make a pkcs12 (.pfx or .p12) from files for openssl (.pem, .cer, .crt, ...)

Use a Windows server (huddled importation)

If you do not have open SSL, you can also perform the entire "Certificate request" procedure, including the generation of the CSR on an IIS server, in a temporary site. The procedure is described here for this:
IIS 5 or 6
IIS 7


Then, you just have to install your certificate on this same IIS server:
Install a certificate for Microsoft IIS5 or IIS6

And finally export your certificate and its private key in a .pfw file (PKCS12): Save your certificate for IIS5, IIS6 or IIS7 and private key

Microsoft Windows NT4

A 2048-bit RSA key cannot be generated via Microsoft windows NT4 administration interface. To do so, you'll have to use OpenSSL tools (cf here-above "Use OpenSSL").

Then you'll have to convert the private key to a NET format: openssl rsa -in www.sitekeyfile.com.key -out www.site.com.iiskey -outform NET

It will allow you to import the private key in Windows NT4 versions that do not implement PFX format (#PKCS12) used nowadays.