Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Heartbleed security vulnerability - OpenSSL 1.0.1 -> See here

Generate an ECC CSR for Apache with OpenSSL

These instructions are suitable for OpenSSL 0.98 and higher.

Preamble

ECC certificates can have compatibility issues with servers and browsers (see Technical limitation of ECC certificates). Before ordering this type of certificate, we recommend that you test. Use our product lineFast and basic SSL and get your certificate in minutes!

In order to gain some time, you can now generate your command line with our CSR creation assistant tool. Just copy/paste to finalize!

1- Generate the private key

  • Connect under root and access the setup directory of your Apache server.
    It is often:
    			cd /etc/httpd/conf
    			ou
    			cd /etc/apache/conf
    			
  • We'll place our working files here but you can choose an other repertory.
  • Choose a file's name that fits you and generate the key with the following command:
    openssl ecparam -out www.example.com.key -name prime256v1 -genkey

  • If you want this key to be protected by a password (that will be requested any time you'll restart Apache):

    openssl ec -in www.example.com.key -des3 -out www.example.com.key

Make a backup copy of the .key file!

  • Protect your file with:
    chmod 400 www.example.com.key

2- Create your certificate request (CSR)

  • Use this command to generate the CSR:
    openssl req -new -sha256 -key www.example.com.key -nodes -out www.example.com.csr
  • The system will then ask you to fill in fields. To do so respect instructions of the page Obtain a server certificate

    Country Name (2 letter code) []: (FR in France for example)
    State or Province Name (full name) [Some-State]: (your state or province name, name of your département in France)
    Locality Name (eg, city) []: (the name of your city)
    Organization Name (eg, company) []: (your organization name)
    Organizational Unit Name (eg, section) []: (do not fill - advised - or enter a generic term such as "IT Department".)
    Common Name (eg, YOUR name) []: (the name of the website to be secured)
    Email Address []: (let blank)

  • Do not fill in fields such as: "A challenge password" or "An optional company name"

3- Finalize the order process

  • Use the appropriate link to place your order on our website. See Access an order form.
  • Copy/paste the content of the www.example.com.csr file in the form. The system will automatically detect the format of the CSR to issue an ECC certificate.

Useful links