picture of tbs certificates
picture of tbs certificates
Our products range

Generate a CSR for Axway CFT

Those instructions can be used for Axway CFT servers. To obtain a SSL server certificate for CFT (server authentication):

  1. Generate a private key and a CSR with OpenSSL
  2. Obtain a certificate with TBS INTERNET
  3. Convert elements into binary DER files
  4. Import elements in the TransferCFT PKI base
  5. Configure SSL in TransferCRT

New: Use our command line generator

In order to gain some time, you can now generate your command line with our CSR creation assistant tool. Just copy/paste to finalize !

1a- Create the private key

  • Go to a work repertory of your choice on a machine that has OpenSSL (see here for OpenSSL under Windows).
  • Choose a file's name that fits you and generate the key with the following command:
    openssl genrsa 2048 >

  • Do not use the "-des3" option to create a password.

Make a backup copy of your .key file!

  • If you are under Unix, protect your file with:
    chmod 400

Create your certificate request (CSR)

  • Use this command to generate the CSR:
    openssl req -new -key >
  • The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate

    Country Name (2 letter code) []: (FR in France for example)
    State or Province Name (full name) [Some-State]: (your state or province name, name of your département in France)
    Locality Name (eg, city) []: (the name of your city)
    Organization Name (eg, company) []: (your organization name)
    Organizational Unit Name (eg, section) []: (do not fill - advised - or enter a generic term such as "IT Department".)
    Common Name (eg, YOUR name) []: (the name of the website to be secured)
    Email Address []: (let blank)

  • Do not fill in fields such as: "A challenge password" or "An optional company name"

2- Finalize the order process

  • Use the appropriate link to place your order on our website. See Access an order form
  • Copy/paste the content of the file in the form.


  • On some platforms the openssl.cnf file that is read by OpenSSL by default to generate the CSR is not good.

    In this case, you can download ours:
  • For Apache under Windows, the instructions are the same, but you must make sure the you have installed Apache with OpenSSL. You can download it here. For the remaining instructions, remplace openssl by openssl.exe