SonicWALL SSL Offloaders

To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.

The CSR needs to contain the following attributes:

- Country Name (C): Use the two-letter code without punctuation for country, for example: US.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".

Note: Certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".

We recommend that you contact the SSL Offloader vendor for additional information. 

Generate a Private Key and CSR

1. Create a directory called ‘C:\test’.
2. Launch OpenSSL.
3. Enter the following command to create a private key:
   
   genrsa -des3 -out c:\test\key.pem 1024
   
   Note: For Extended Validation certificates, the key bit length must be 2048.  In this case, enter this command: genrsa -des3 -out c:\test\key.pem 2048
4. Enter in a passphrase to protect the key (at least six characters).
5. Enter the following command to create a certificate request:  
    
   req –new –key c:\test\key.pem –out c:\test\req.pem –config openssl_config.txt 
6. Fill in the required fields for the certificate you want to generate.  You have now created a key pair and a CSR.
7. To copy and paste the information into the enrollment form, open the CSR file in a text editor that does not add extra characters (Notepad or Vi are recommended).