Red Hat ENTERPRISE LINUX 4 System Administration Manual page 278

Chapter 25. Apache HTTP Secure Server Configuration
-out /etc/httpd/conf/ssl.csr/server.csr
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase:
Type in the passphrase that you chose when you were generating your key unless you don't need to.
Next, your system displays some instructions and then ask for a series of responses from you. Your
inputs are incorporated into the certificate request. The display, with example responses, looks similar
to the following:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:USState or Province Name (full name) [Berkshire]:North
CarolinaLocality Name (eg, city) [Newbury]:RaleighOrganization Name (eg, company) [My Company
Ltd]:Test CompanyOrganizational Unit Name (eg, section) []:TestingCommon Name (your name
or server's hostname) []:test.example.comEmail Address []:admin@example.comPlease enter the
following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The default answers appear in brackets ([]) immediately after each request for input. For example,
the first information required is the name of the country where the certificate is to be used, shown like
the following:
Country Name (2 letter code) [GB]:
The default input, in brackets, is GB. Accept the default by pressing Enter or fill in your country's two
letter code.
You have to type in the rest of the values. All of these should be self-explanatory, but you must follow
these guidelines:
• Do not abbreviate the locality or state. Write them out (for example, St. Louis should be written out
as Saint Louis).
• If you are sending this CSR to a CA, be very careful to provide correct information for all of the
fields, but especially for the Organization Name and the Common Name. CAs check the
information provided in the CSR to determine whether your organization is responsible for what
you provided as the Common Name. CAs rejects CSRs which include information they perceive as
invalid.
• For Common Name, make sure you type in the real name of your secure server (a valid DNS name)
and not any aliases which the server may have.
• The Email Address should be the email address for the webmaster or system administrator.
• Avoid special characters like @, #, & !, and etc. Some CAs reject a certificate request which
contains a special character. If your company name includes an ampersand (&), spell it out as "and"
instead of "&."
260