How to Generate a CSR for SonicWALL SSL Offloaders

key pair must be created for the server in order to generate a CSR. It is important for the key pair and the digital certificate to not be separated. If the password or the public/private key file is lost or amended before the SSL certificate is installed, the SSL certificate will need to be re-issued. In order for the installation to be successful, the private key, CSR, and the digital certificate must all match.

The CSR needs to contain the following attributes:

Country Name (C): Use the two-letter country code without punctuation, for example: US.
State or Province (S): Spell the state out completely; do not abbreviate the state or province name, for example: California.
Locality or City (L): Locality field refers to the city or town name, for example: Berkeley.
Organization (O): If your company or department has an &, @, or any symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
Organizational Unit (OU): This field is the name of the department or organizational unit making the request.
Common Name (CN): The Common Name is Domain Name. For example: "www.company.com" or "company.com".


Note: SSL certificates can be ONLY used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

Generate a Private Key and CSR
  1. Create a directory called 'C:\test'.

  2. Launch OpenSSL.

  3. Enter the following command to create a private key:

    genrsa -des3 -out c:\test\key.pem 2048
     
  4. Enter in a passphrase to protect the key (at least six characters).

  5. Enter the following command to create a certificate request: req –new –key c:\test\key.pem –out c:\test\req.pem –config openssl_config.txt

  6. Fill in the required fields for the certificate you want to generate. You have now created a key pair and a CSR.

  7. Verify your CSR

  8. To copy and paste the information into the enrollment form, open the CSR file in a text editor that does not add extra characters (Notepad or Vi are recommended).

BACK