Requesting a signed SSL certificate from a certification authority

In this tutorial, we explain the steps to generate a CSR and use it to request a signed SSL certificate from a certification authority.

Generating a private key

  • Open the console.
  • Select SSL/TLS Certificates.
  • Press Add in the Private Keys table.
  • Enter a name of your choice for the new key you'll generate. For example, enter console_key in Name.
  • Set Action to Generate.
  • Set Type to RSA 2048 bit to have the best level of security.
  • Press OK.

Abyss Web Server will spend a few seconds to compute the new key. If your computer is slow or overloaded, generating a key could need up to a minute.

Generate a CSR (Certificate Signing Request)

  • Press Generate in front of Certificate Signing Request.
  • Set Private Key to the key you've just created. The certificate you'll request will be based on that private key.
  • Enter the name of the site that the certificate will be used for in Host Name (Common Name). For example, if your site will be accessed using https://www.example.com, enter www.example.com (and not example.com).
  • Fill the rest of the fields with information on your true identity. This is mandatory as these will be usually verified by the certificate authority before they issue the certificate. Note that the 2-letter code of the United Kingdom is GB. For a detailed list of country codes, please refer to the official ISO 3166-1-alpha-2 codes listing.
  • Press OK.
  • A dialog with a text area containing your CSR will be displayed. Your CSR is a chunk of characters looking like:

    -----BEGIN CERTIFICATE REQUEST-----
    MIICzjCCAbYCAQAwZzELMAkGA1UEBhMCQUQxCzAJBgNVBAcTAnp6MQswCQYDVQQI
    EwJ6ejELMAkGA1UEChMCenoxCzAJBgNVBAsTAnp6MQowCAYDVQQDFAEqMRgwFgYJ
    ............
    ...........
    PrsYu7x/tasImPDGxzBZARSqSRbKhkEF87edLpfEZA7zm1/EmNymlkl500bmozFP
    ArqSoOPoHGOJZNyvCk3d/Y6g4qhdlWAs0DotSjVSp1ucMNIg04qVcr92IFQ/Hw3/
    1Pc=
    -----END CERTIFICATE REQUEST-----

Sending the CSR to the certification authority

  • Once the CSR generated, you will have to send it to a certification authority which will do the necessary to check your information and to generate a signed certificate. Note that only the CSR has to be sent to the certification authority, the private key used to generate it should never be sent to them.
  • Depending on your certification authority, you may have to send it, copy it in an online form, or put it in a text file and forward it to them. We strongly recommend that you check with your certification authority about the best way to provide them with the CSR.
  • Some certification authorities will ask you about your server type. This information is mainly used for statistical purposes and makes no difference on the final signed certificate they will deliver. If you do not find Abyss Web Server on their list, select Other Web Server or Other. If no such choices are available, you can select OpenSSL or OpenSSL-based server. Again if no such choices are available, you can safely select Apache or ModSSL as our SSL/TLS implementation is based on OpenSSL which is also used by Apache and ModSSL.

Entering the signed certificate in Abyss Web Server

When you receive your signed certificate from the certificate autority, you'll have to enter it in Abyss Web Server before being able to use it.

  • Open the console.
  • Select SSL/TLS Certificates.
  • Press Add in the Certificates table.
  • Enter a name of your choice for the certificate you'll enter. For example, enter my_cert in Name.
  • Set Private Key to the key you have used when generating the CSR of the signed certificate.
  • Set Type to Signed by a certification authority.
  • Open the main certificate file you have received from the certification authority with a text editor (such as Windows Notepad or Mac OS X Textpad). Copy its contents in the field Main Certificate.
  • If the certification authority provided you with additional certificates that are necessary to establish the trust chain, they must be entered in Intermediate Certificates. If more than a single intermediate certificate is available, enter their contents one after the other in that field.
  • CA Root Certificate must be filled with the CA (Certification Authority) or root certificate if provided.
  • Press OK to validate the new certificate.

The new certificate can now be assigned to any host.

See also