Use OpenSSL to generate a CSR file and apply for a global SSL Certificate

The http://www.openssl.org only has the original OpenSSLCodeDownload. To make it easier for Windows users to use OpenSSL, We have specially prepared the executable OpenSSL 0.9.8.a for Win32 version (Binary version) for you)

Yes: http://www.myssl.cn/download/OpenSSL_0.9.8.a_Win32.zip

You can also use OpenSSL CSR online generator: http://www.myssl.cn/openssl/createcsr.asp(Note: You must save both the. Key and. CSR files)

If you want to generate a CSR file and apply for a certificate, download the file:

Step 1: Decompress the package to the C: \ OpenSSL directory, execute cmd.exe to enter the command window, and execute:
Cd c: \ OpenSSL
Set openssl_conf = OpenSSL. CNF
OpenSSL req-New-nodes-keyout server. Key-out server. CSR

Therefore, the current directory will generate two files: Server. Key and server. CSR. Keep these two files properly. do not disclose the server. Key Private Key File.
During the command execution, the system requires you to fill in the following information:

Country name (2 letter code): Enter the country code with 2 letters in the format of the ISO country code. Enter CN in China.

State or province name (full name): province, for example, enter Shanghai

Locality name (eg, city): city, for example, enter Shanghai

Organization Name (eg, company): Organization Unit. For example, enter the company name in pinyin.

Organizational unit name (eg, Section): for example, enter it Dept

Common name (eg, your websites domain name): the address of the website that uses SSL encryption. Note that this is not your domain name, but the website name that uses SSL, for example, pay.abc.com. A website is defined as abc.com, www.abc.com, and pay.abc.com. Note: This server domain name should be consistent with the SMTP/POP3 server name set by the mail client software.

Email Address: email address, which can be left blank

A challenge password: Optional

An optional Company Name: Optional

Step 2: To confirm that you have the permission to manage the SSL server domain name applied for, the authentication system will send an email to the specified administrator mailbox. For example, if the SSL Certificate Server domain you are preparing to apply for is host.yourdomain.com, make sure you can receive ssladmin@yourdomain.com or ssladmin@host.yourdomain.com when submitting your application

Step 3: Go to www.myssl.cn to apply for an SSL certificate. The address is the http://www.myssl.cn/product/index.asp, submit the server. CSR generated in step 3, and enter the relevant information of the application.

Step 4: you will receive an application confirmation email from US geotrust, click the URL in the email, and then approve your application

Step 5: you will receive an email containing the certificate, copy "----- begin certificate -----" to "----- end certificate -----" to notepad.exe, and save it as server. CRT

Step 6: Set server. Key generated in step 1 and server. CRT generated in step 5 as a pair of certificates and keys. Install the certificate according to the server instructions.

If you want to use the certificate generated by OpenSSL on IIS, You need to merge the. Key and. CRT files into the. pfx file by using the following method:

Run cmd.exe to enter the command window and run:
Cd c: \ OpenSSL
Set openssl_conf = OpenSSL. CNF
OpenSSL PKCS12-export-out server. pfx-inkey server. Key-in server. CRT

In IIS 6, you can import the server. pfx file.