Product Documentation

To create a CSR by using OpenSSL

Dec 21, 2015
If you cannot use a Windows 2008 R2 Server and Microsoft Internet Information Server (IIS) or a Mac computer to generate a Certificate Signing Request (CSR) to submit to Apple for the Apple Push Notification service (APNS) certificate, you can use OpenSSL.
Note: In order to use OpenSSL to create a CSR, you need to first download and install OpenSSL from the OpenSSL website.
  1. On the computer where you installed OpenSSL, execute the following command from a command prompt or shell.
    openssl req -new -keyout Customer.key.pem –out CompanyAPNScertificate.csr -newkey rsa:2048
  2. The following message for certificate naming information appears. Enter the information as requested.
    You are about to be asked to enter information that will be incorporated 
    into your certificate request. 
    What you are about to enter is what is called a Distinguished Name or a DN. 
    There are quite a few fields but you can leave some blank 
    For some fields there will be a default value, 
    If you enter '.', the field will be left blank. 
    Country Name (2 letter code) [AU]:US 
    State or Province Name (full name) [Some-State]:CA 
    Locality Name (eg, city) []:RWC 
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Customer 
    Organizational Unit Name (eg, section) []:Marketing 
    Common Name (eg, YOUR name) []:John Doe 
    Email Address [] 
  3. At the next message, enter a password for the CSR private key.
    Please enter the following 'extra' attributes 
    to be sent with your certificate request 
    A challenge password []: 
    An optional company name []:
  4. Send the resulting CSR to Citrix.
Citrix prepares the signed CSR and returns the file to you through email.