Question

I'm creating a webpage to take sensitive customer information and wish this to be on an SSL secured page.

I've been asked by a CA to provide a CSR.

I was planning to install OpenSSL on a server and create one of these.

Does this mean that the server I create the CSR on will be the same one I have to install the certificate they provide me on, or can I install it somewhere else?

What links the certificate they provide to the CSR I create?

Thanks for any help.


Solution

When a key pair (public and private) is generated, such as with OpenSSL, a CSR is also generated. The CSR is sort of a wrapper that contains your organization info with the public key. This is also the part of the pair that the CA will sign.

Once you have received the signed certificate (after paying companies like VeriSign or GoDaddy), you should pair the signed certificate back together with the initially generated private key, and together they work in the app for which you wish to secure content transmission, e.g. web servers.

The key pair and CSR files generated usually CAN BE moved to other hosts/servers. Only in cases where the key pair generation mechanism involves hardware (such as some nCipher devices) will you not be allowed to move them to another machine.

OTHER TIPS

It doesn't matter where the certificate signing request (CSR) is generated.

Just make sure you keep the private key. Otherwise the issued certificate will be useless, as it's the key that "links" your CSR to the certificate.
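The link the answers describe can be checked directly. This is an added example, not code from the original posts: it compares the public key carried by a private key, a CSR and the issued certificate, so you can confirm which key a certificate belongs to on whatever host you install it. The throwaway CA, subject names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names and subjects below are constructed for the demo.

# Print the SHA-256 digest of the public key inside a private key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # Fail on unreadable input instead of hashing an empty string.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if both files carry the same public key.
# Usage: same_key <key|csr|cert> FILE <key|csr|cert> FILE
same_key() {
    a=$(pubkey_digest "$1" "$2") && b=$(pubkey_digest "$3" "$4") && [ "$a" = "$b" ]
}

# Build constructed material in directory $1: a server key and CSR, a throwaway
# CA that signs the CSR (standing in for the commercial CA), and an unrelated key.
make_demo() {
    d=$1
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=www.example.test" \
        -out "$d/server.csr"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj "/CN=Demo CA" -days 1 -out "$d/ca.crt" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
same_key key "$demo_dir/server.key" cert "$demo_dir/server.crt" \
    && echo "server.key matches server.crt: usable together on any host"
same_key key "$demo_dir/other.key" cert "$demo_dir/server.crt" \
    || echo "other.key does not match server.crt: certificate is useless with it"
rm -rf "$demo_dir"
```

The CA never sees the private key: it signs the public key and subject from the CSR, which is why the certificate works wherever the original private key is installed.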

Licensed under: CC-BY-SA with attribution