Create a CSR in the SafeSync for Enterprise server that you can send to a public Certificate Authority (CA). This certificate can also be used to update the SSL certificate in the SafeSync management console.
The procedure uses the openssl tool that is installed by default in the SSFE server.
- Log in to the SSFE server shell (or SSH to SSFE server).
- Generate a private key using the command:
# openssl genrsa -out www.domain.com.key 2048
This will create a .key file in the directory where the command is executed. Keep this private key as you will use it when updating the SSL certificate on the SSFE Admin UI when the certificate is signed.
- Create the CSR using the command:
# openssl req -new -key www.domain.com.key -out www.domain.com.csr
- Fill out the needed information for the CSR.
DN Field Explanation Example Common Name The fully qualified domain name (FQDN) for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you plan on getting a wildcard certificate make sure to prefix your domain with an asterisk (*). For example: *.domain.com. Organization The exact legal name of your organization. Do not abbreviate your organization name. domain.com Organization Unit Your department/section in the organization. IT City or Locality The city where your organization is legally located. Wellesley Hills State or Province The state or province where your organization is legally located. This field should not be abbreviated. Massachusetts Country The two-letter ISO abbreviation for your country. US Do not include extra attributes in the required fields. Leave the challenge password blank and just press ENTER key.
- Verify if the CSR is created using the command:
# openssl req -noout -text -in www.domain.com.csr
You should not receive any errors after executing the command.
- Send the .csr file to your CA.