Manually Create a CSR in Windows

When using SSL on Windows, you must create a Certificate Signing Request (CSR) to receive an SSL certificate.

  • A CSR is a data file that contains the Public Key and your domain details.
  • You will submit the CSR to your SSL provider.  
  • Your provider will verify and then issue a SSL certificate in a .crt file.  

  You should use the FileCloud control panel to create a CSR. If you encounter issues, you can create the request manually.

Create a CSR using the FileCloud Control Panel


To manually create an SSL certificate, you can use the openssl tool included with FileCloud Server.

To manually create a CSR:

1.  On the FileCloud server, navigate to the following directory:

c:\xampp\apache\bin

2.  To open the tool, double-click OpenSSL.

3.  To create a Private Server Key, type the following code: (If your SSL provider does not accept key lengths of 2048, a higher length of 4096 can  be used in the follwing command.)

C:\xampp\apache\bin>openssl genrsa -des3 -out server.key 2048 -config "C:\xampp\apache\conf\openssl.cnf"

Note

If you encounter any errors related to:

unable to open configuration file 

Then run the following in the command prompt to set the path.

set OPENSSL_CONF=c:\xampp\apache\conf\openssl.cnf

 4.  To create a Certificate Request (CSR), type the following command: 

C:\xampp\apache\bin>openssl req -new -key server.key -out server.csr -config "C:\xampp\apache\conf\openssl.cnf"

5.  You will be prompted to enter the following information:

InformationExampleNotes
Country NameUS2letter code
State or Province NameTEXAS
full name - no abbreviations
Locality NameHouston
full city name
Organization NameInternet Widgits Pty Ltd
company name
Organizational Unit NameAccounts Payable
section name
Common Namefilecloud.IWPL.com
server FQDN or YOUR name

Be sure to enter the actual server's fully qualified name

filecloud.yourdomain.com 

If it is a wildcard certificate for all sub domains (for example for using multi tenancy), then be sure to enter *.yourdomain.com

*.yourdomain.com
Email Addressmoneyman@iwpl.com
A challenge password
Use the same passphrase you typed in when opening the tool.


6.  Apache won't start up properly if the key is secured with passphrase, so to remove it, type the following command:

copy server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

7. You can now submit the CSR to your SSL provider.

The provider will sign and give you an SSL certificate usually called as server.crt.