Step-by-Step Guide to Generating a CSR for an IP Certificate
Generating a Certificate Signing Request (CSR) for an IP certificate is exactly the same as generating a CSR for a domain name . Instead of typing a domain name, you will type in the IP address in its place (e.g., 18.65.3.106).
Here's how you can create a CSR specifically for an IP certificate:
Step 1: Prepare Your Information
Before generating a CSR, you need to gather the necessary information that will be included in the request. This typically includes:
- Common Name (CN): This is normally where you type in the domain name for the certificate. Enter the IP address that the certificate will secure (e.g., 18.65.3.106).
- Organization (O): The legal name of your organization.
- Organizational Unit (OU): Leave the OU blank - [hit enter].
- City/Locality (L): The city where your organization is located.
- State/Province (ST): The state or province where your organization is located.
- Country (C): The two-letter country code where your organization is legally located.
- Challenge Password: We do not recommend a challenge password - [hit enter].
Step 2: Generate the CSR
Generating a CSR can vary depending on the software or platform you are using (e.g., OpenSSL, Microsoft IIS, Java Keytool, etc.). Below is an example using OpenSSL, which is commonly used for Apache web servers :
- Open a terminal or command prompt.
-
Use the following OpenSSL command to generate a CSR and a new private key:
openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr
- During the CSR generation process, you will be prompted to enter the information gathered in Step 1. Enter the IP address (rather than a domain name) when asked for the Common Name (CN).
Step 3: Verify the CSR Content
After generating the CSR, it's essential to verify the information it contains:
openssl req -text -noout -verify -in server.csr
This command allows you to review the CSR details to ensure they are correct before submitting it with your IP certificate order.
Step 4: Submit the CSR when you purchase the IP certificate
Pick an IP SSL product and submit the entire contents of the CSR file with your SSL order. The CA will validate your details and, upon approval, issue the IP certificate. The validation process and time can vary depending on how quickly you can prove IP ownership and control .
Important Notes:
- Keep your private key secure (file: myserver.key ); it is required to install your IP certificate once issued. Your private key is not sent to the CA and should never be shared with anyone, not even us.