Generate a Private Key

Use the Key Generator application in the SSL Tools folder of your WebStar 4.x installation to generate a file containing a private key for use with your secure server.

Follow these steps:

1. Launch the Key Generator application (in the Tools & Examples folder, SSL Tools folder of your WebStar 4.x installation).
   
    
2. Enter a password to protect your key. You'll need it later to authorize WebSTAR SSL to use your public/private key pair.
   
   Do not forget this password! If you do, the private key cannot be recovered: there is no "back door" to this security.
   
   Make sure that the password is at least 8 characters long, includes letters, numbers and punctuation, and is not a name or a word.
   
   Write the password down and store it in a secure place, such as a safety deposit box.
   
   If you lose the password, you will have to purchase a new certificate.
   
    
3. Click the Create Key button to generate your private key file.
   
    
4. Name the file something like "Private Key File" (the default), and save it in the WebSTAR folder.
   
    
5. When the key file is created, the Key Generator will beep and allow you to click OK , then it will quit.
   
    
6. Make sure that the key file is in your WebSTAR folder: if it's not there, move it into that folder now

Create your Certificate Signing Request

The Certificate Signing Request process requires that you supply an email address and certain identifying information, as described below.

Your Certificate Signing Request may be rejected if the information is not properly formatted. Be sure to closely follow the conventions outlined in the instructions. If any of the information is improperly formatted, we will ask you to correct it and send the request again.

1. Launch the CSR Utility application (in the Tools & Examples folder, SSL Tools folder of your WebStar 4.x installation).
   
    
2. Type the host name of your Web site in the "Common Name" field, for example:
   
   www.bitengines.com
   
   Make sure that the Common Name you specify will be the actual host name of your SSL server, it will be encoded into the signed Certificate and cannot be changed later without purchasing a new Certificate.
   
   Furthermore, this host name should be the main "A name" entry for your machine on your DNS server.
   
   Your Certificate may have problems if you use an IP address or if the host name is a "CNAME" entry (DNS alias), for example. Contact your network administrator for guidance if necessary.
   
    
3. Type the name of your organization in the "Organization" field, for example:
   
   BitEngines
   
    
4. Type the name of the department or other organization unit in the "Org Unit" field, for example:
   
   E-Business Development
   
    
5. Type the name of the city or town in which your organization is located in the "Locality" field, for example:
   
   Copenhagen
   
   Do not abbreviate the state or province name.
   
    
6. Type the name of the state or province in which the organization is located in the "State/Province" field, for example:
   
   Sealand
   
    
7. Type a two-letter code for the country in which you are located in the "Country Code" field, for example:
   
   DK
   
   Do not spell out the country name: use a 2-letter code. The code for the United States is US. For Canada, the code is CA.
   
    
8. Type the email address of the site's Webmaster or administrator in the "Email Address" field, for example:
   
   webmaster@bitengines.com
   
    
9. In the "Phone Number" field, type a phone number where the Certificate Authority can reach you, and type your fax number in the "FAX Number" field.
   
   The Email Address, Phone Number, and FAX Number fields are not part of the Certificate. We use these fields to contact you if there is a problem with the Certificate request.
   
    
10. Click Choose and select the Private Key file you created.
    
    Once you select a private key file, the key file and the Certificate you will receive will be a signed Certificate pair, and cannot be separated.
    
    If you lose the Private Key file and generate a new one, your Certificate will no longer match. You will have to send a request to us for a new Certificate, which you may be charged for. For this reason, be sure to keep backup copies of your file in a secure location.
    
     
11. Enter the password required to access your public/private key pair (the password you entered when generating the key pair, as described in Generate a Key ).
    
     
12. Click the Create button to generate your encrypted Certificate request form.
    
     
13. The application creates a file named Certificate Request by default. You can use that name or rename it.
    
     
14. Quit the CSR Utility program.