Breadcrumbs

Manually Create a CSR in Windows

When using SSL on Windows, you must create a Certificate Signing Request (CSR) to receive an SSL certificate.

  • A CSR is a data file that contains the Public Key and your domain details.

  • Submit the CSR to your SSL provider.  

  • Your provider verifies the CSR and issues an SSL certificate in a .crt file.  

Use the FileCloud control panel to create a CSR. If you encounter issues, you can create the request manually.

 Create a CSR using the FileCloud Control Panel


To manually create an SSL certificate, use the openssl tool included with FileCloud Server.

To manually create a CSR:

  1. On the FileCloud server, navigate to the following directory: 

    c:\xampp\apache\bin

  2. To open the tool, double-click OpenSSL.

  3. To create a Private Server Key, type the following code: (If your SSL provider does not accept key lengths of 2048, a higher length of 4096 can  be used in the follwing command.) 

    C:\xampp\apache\bin>openssl genrsa -des3 -out server.key 2048 -config "C:\xampp\apache\conf\openssl.cnf"


    If you encounter any errors related to:

    unable to open configuration file

    Then run the following in the command prompt to set the path.

    set OPENSSL_CONF=c:\xampp\apache\conf\openssl.cnf

  4.  To create a Certificate Request (CSR), type the following command: 

    C:\xampp\apache\bin>openssl req -new -key server.key -out server.csr -config "C:\xampp\apache\conf\openssl.cnf"

  5. You will be prompted to enter the following information:

    Information

    Example

    Notes

    Country Name

    US

    2letter code

    State or Province Name

    TEXAS

    full name - no abbreviations

    Locality Name

    Houston

    full city name

    Organization Name

    Internet Widgits Pty Ltd

    company name

    Organizational Unit Name

    Accounts Payable

    section name

    Common Name

    filecloud.IWPL.com

    server FQDN or YOUR name

    Be sure to enter the actual server's fully qualified name

    filecloud.yourdomain.com

    If it is a wildcard certificate for all sub domains (for example for using multi tenancy), then be sure to enter *.yourdomain.com

    *.yourdomain.com

    Email Address

    moneyman@iwpl.com


    A challenge password


    Use the same passphrase you typed in when opening the tool.

  6. Apache won't start up properly if the key is secured with passphrase, so to remove it, type the following command: 

    copy server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

  7. You can now submit the CSR to your SSL provider.
    The provider will sign and give you an SSL certificate usually called as server.crt.