I would appreciate it if anybody could help me with a csr generation in the Futurequest apache server and openssl application. I have never done anything like this so I am a novice. I purchase standard ssl from godaddy but first they told me to generate a csr on my apache server at my webhost Futurequest. I have entered into the "OpenSSL>" prompt via my ssh at my command n control panel. At that prompt I am suppose to enter a command line as follows: "openssl genrsa -des3 -out <name of your certificate>.key 1024" and the name of the certificate is suppose to be my domain name, therefore at the promt I entered: "openssl genrsa -des3 -out <www.mywebsitedomain.com>.key 1024". But when I enter this command I get an error message saying "permission denied 22881:error:0200100d:system etc.....". What am I doing wrong? I just want to generate the file. I believe I am at the proper directory on my server's path to access the openssl application because when I enter just a "genrsa" command at that prompt the program will generate a generic, I guess, rsa private key with a beginning and end. Is my syntax that i was instructed to use wrong? Am I at the correct directory to enter this command? I am confused, and no one can help me because I have already ask everyone the could possible help. I would appreciate some help, I have been working on this general issue for 2 days now and I am very frustrated. Please help.
Thanks,
Shawn

Here is the best and most concise documentation I have ever found on the subject. Note that it is written for OpenBSD and to be done server wide so you will have to change the paths: http://www.openbsd.org/faq/faq10.html#HTTPS

Do not include the < and > in your command. The rest of it, I don't know.

Hello Kevin,
In that openssl command statement on that link, where do I input my "common name" which I believe should be my domain name? And at the openssl directory on my FQ server do I enter the pound symbol at the begining of that command also? All this is new to me and I feel like I am completely out of the loop here, but I am determine to get a ssl on my server. Thank you for the help.
Shawn

Shawn,
First, don't enter the # symbol. That is their representation of the default shell prompt on an OpenBSD system.

Second, the things like the common name will be prompted during the 3rd command (the second command will prompt for a password).

Common name would be the domain name you want the SSL issued for.

Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here.
http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real

Below are some possibilities (remember to use your actual domain name and TLD in place of example.com)
example.com
www.example.com
secure.example.com

-Bob

Hello anybody,
I have entered this command and kevin's command line above in my FQ server via ssh and the first step I have been doing is to "cd /usr/bin/", then at this directory I seem to have to enter a "openssl" command, and that brings me to a "openssl>" prompt where I enter these csr commands. In every case when i try to enter these csr commands at the /usr/bin/ level or in the openssl directory, I always get a error message saying "no such file or directory". Am I entering these commands at the proper directory on my apache server to access openssl application? Is It always this hard to generate a csr for my ssl cert?
Shawn

cd /usr/bin would be your problem. You can't create files there. The openssl binary is on your path so being in that dir is not needed.

You should be in your home directory when you run these command (cd ~). The final file that is generated will need to be sent to us for installation as you can't install files into the apache config.

Hello Kevin,
I still get "no files or directory" error message. This is what I am doing: access my cnc interface, click on ssh, click "connect" button and login with password, a window opens up in java and I see my username and the $ promt. I believe the $ prompt should be my home directory? Then I enter the following command line: "openssl genrsa -out /etc/ssl/private/server.key 1024" and enter. I then get the following error message: "/etc/ssl/private/server.key 1024 No such file or directory." and a bunch of error codes after that. What am I doing wrong?
Thanks,
Shawn

Leave out the paths.
openssl genrsa -out server.key 1024

You can't write to /etc.

Hello Kevin or Bob,
I am finally getting somewhere! You are right Kevin I just enter the first command at my home directory and openssl just started to generate my csr.
But the generation stopped at:
"e is 65537 (0x10001)
enter pass phrase for www.mydomainname.com.key"
At this point I am trying to enter a made up password and then continue with the csr but the ssh cursor will not take inputs at this point, as if the keyboard is locked up. What is my pass phrase to input? why won't the cursor at this point acccept any alpha or numerical inputs?
Thanks,
Shawn

Passwords are not printed out. Type the password and when you hit enter you will get the next prompt.

Hello Kevin,
I have my .csr generated!! but I don't know how to copy and paste this file into notepad so that I can finish my ssl cert. When using this java ssh interface via my cnc with my server, I can't right click to copy this .csr text file, how do I copy this file into notepad?
thanks,
Shawn

The easiest thing to do is simply download the file to your system through the CNC file manager.

Hello Kevin,
I am trying to find the .csr file I created today in order to copy it to my computer then use it to finish activating my ssl cert. I am in cnc file manager but I can not find the .csr file to copy. Where should it be?
Thanks,
Shawn

Hello Kevin,
I just found the .csr file and copied it to notepad as a .txt file. Now I can cut and paste this info to finish my ssl cert, then come back to FQ and request a ssl cert installation. I also backed up my .key file that stays with the server and confidential. I believe it should be smoooth sailing from here! Until next time, Thanks alot, I really appreciate it. And thank you to Bob. You guys are great!
Shawn

psst...

http://www.FutureQuest.net/Community/SiteOwner/