How to install a Certificate Signing Request for 4D WebSTAR 4.x ?

To generate a CSR, you will need to create a key pair for your server. Then, the CSR and the Key Pair can't be separated.

If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match. You will have to request a new SSL Certificate and may be charged.

We recommend that you contact the WebSTAR vendor for additional information.

Generate Key Pair and CSR

1. Launch the Key Generator application (in the Tools & Examples folder, SSL Tools folder).

2. Enter a password to protect your key. You'll need it later to authorize WebSTAR SSL to use your public/private key pair. Do not forget this password! If you do, the private key cannot be recovered: there is no "back door" to this security. Make sure that the password is at least 8 characters long, includes letters, numbers and punctuation, and is not a name or a word.

3. Write the password down and store it in a secure place, such as a safety deposit box. If you lose the password, you will have to purchase a new certificate.

4. Click the Create Key button to generate your private key file.

5. Name the file something like "Private Key File" (the default), and save it in the root folder for the SSL host (the WebSTAR folder or the host folder if you have a secondary IP host).

6. When the key file is created, the Key Generator will beep and allow you to click OK , then it will quit.

7. Make sure that the key file is in your WebSTAR folder. If it's not there, move it into that folder now.

8. Launch the CSR Utility application (in the Tools & Examples folder, SSL Tools folder).

9. Click Choose and select the Private Key file you created. Once you select a private key file, the key file and the Certificate you will receive will be a signed Certificate pair, and cannot be separated.

10. If you lose the Private Key file and generate a new one, your Certificate will no longer match. You will have to send a request to the Certificate Authority for a new Certificate, which you may be charged for. For this reason, be sure to keep backup copies of your file in a secure location.

11. Enter the password required to access your public/private key pair (the password you entered when generating the key pair, as described in Generate a Key).

12. Click the Create button to generate your encrypted Certificate request form. This command will prompt for the following X.509 attributes of the certificate:

Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name, e.g., devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com
Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc
Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank).
City/locality - The city or town in which your organization is located.
State/province - The state in which your organization is located.
Country - Click here for the official list of ISO country codes for this field.

13. The application creates a file named Certificate Request by default. You can use that name or rename it.

14. Quit the CSR Utility program.

15. You have just created a key pair and a CSR.

16. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

17. Go to Enrollment.

Note: For Extended Validation certificates the key bit length must be 2048.