Before you send a request for an SSL certificate, you must create a Certificate Signing Request (CSR) on the server that you want to secure.
A CSR is an encrypted file that contains information about your company, including the domain name.
The CSR must include this information:
- Country: Two-letter ISO 3166 country code. For example, the code for the Japan is “JP”. For other countries, see the ISO list of country codes or here.
- State or Province: Full name of the state or province where your company is headquartered, such as “California”.
- Locality or City: Full name of the locality or city where your company is headquartered, such as “Los Angeles”.
- Organization: Full legal name of your company.
- Common Name:The website that you will protect with the SSL certificate.
Note: If a certificate request contains an IP address (such as 188.8.131.52), the certificate cannot be issued. The certificate request may contain a fully qualified domain name (www.example.com), second-level domain (example.com), or a wildcard domain (*.example.com). All domain names must be publicly registered. Domains not publicly registered are considered internal server names (ISNs). Due to CA/Browser Forum requirements, the support for certificates that contain an ISN has been deprecated. Certificates containing an ISN are restricted to the OV level and must expire before November 1, 2015. In addition, certificates containing an ISN must be manually vetted, which may delay their issuance.
Note: Do not use blank fields in your CSR. If you do not wish a field to be in your certificate, simply do not include this field in your CSR. Trend Micro SSL does not currently support the use of “Organizational Unit” fields in CSRs. If you include an Organizational Unit field, it will be ignored.
The process used to create a CSR depends on the server that you are securing.
For Microsoft servers, download the following documentation: Creating CSR for Microsoft.
For Apache servers, download the following documentation: Creating CSR for Apache.
For other servers, download the following documentation: Creating CSR for other servers.
This documentation includes instructions on how to create CSR for the following servers:
- C2Net Stronghold
- Cisco Adaptive Security Appliance (ASA) 5500
- Cobalt RaQ4/XTR
- F5 BIG IP (version 9)
- F5 BIG IP (pre-version 9)
- F5 FirePass VPS
- HSphere Web Server
- IBM HTTP Server
- Java-based web server (generic)
- Lotus Domino 8.5
- Oracle Wallet Manager
- Oracle WebLogic Server 8 or 9
- Plesk 10
- Plesk 9
- Plesk 8
- SAP Web Application Server 6.10 or higher
- Zeus Web ServerPremium
For more information about the SSL component of Deep Security for Web Apps, refer to the following KB article: Frequently asked questions about Trend Micro SSL.