Before you can begin the process of obtaining a Certificate, you must generate a Private Key and CSR pair off the web server.

A CSR is basically a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Certificate from Certification Center.

Digital ID's make use of a technology called Public Key Cryptography, which uses Public and Private Key files.

The Public Key, also known as a Certificate Signing Request (CSR), is the key that will be sent to Certification Center.

The Private Key will remain on the server and should never be released into the public. Certification Center does not have access to your Private Key. It is generated locally on your server and is never transmitted to Certification Center. The integrity of your Digital ID depends on your private key being controlled exclusively by you.

A CSR cannot be generated without generating a Private Key file nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.

Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR pair off the web server:
Organization Name
Organizational unit
Country Code
State or Province
Locality
Common Name*

* The term "common name" is X.509 speak for the name that distinguishes the Certificate best, and ties it to your Organization. In the case of SSL Web Server Certificates, enter your exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.

Пример Private key RSA

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDHZ5+sW4/mGlQHkuGwO7c8iLPF4AwagnhutiuLMvIizkX5fRka
RK+FlGXQTERv/meVhgV0m6YIfSPHqZZ0JyqUVQw0wQOWdQP+7E+0NoEvpZ5GuXKu
1aDOD+v4ozlfXlx4A0C4hmZ8d2Z13O56dPMP6t1HBaLc+PuebBxgu4x8GwIDAQAB
AoGAHOk7T2QfIv+iO07ihgjCcnZnikMHvjg4eeTTv2TtknpRzvCCWTqoMDfp4x+L
tKkwH4/E7rk6g3SRYXuHIuQi2gkwnTyu0/QhvxgCj9K+iNd7+aHLIjfUpzZmVxQu
AMABdB9pgoRwKKkIklpPUQmSScTBooxRY0A5diCzFd6KauECQQDvznTLZbBZazt+
RXWUEwGTcYfANYFDZH7+B7CkvtFoVwD5fwPJZ7YjAdcAK4Xg8vNNFkq63GLioWnb
SPmnRanDAkEA1N697klySVoQYcON3J1kmbkwnrG6PBtAD9swYQ5isUK6GYAhvuqw
VKEYIU9kobR6LwJUclPTHPX5BS5leQfmyQJBAKjh0urzYHB4zlss+5Mel3uI9rts
cu5NNgoczFAZekxrCWqsArSyb1jUEOAzxoMXVjUxv8s9Lf7BAlXGXNtqehUCQB2q
MNO9PoUEXRYSt3lQIc3eZe0nnWl07reG9zX/WDeVsfONzKYbdJlGneM+eiqiyQg2
Deikz93QVXSoY5G7TSkCQD+iNCrtqi8M2HnJ2ydQ+SnyTRNiqAlekXZ+I+UMQ/11
JgycCS6lZUNPI3QAZxaoeKTR50N65MVRNnR3qfO6kYc=
-----END RSA PRIVATE KEY-----

The private key to which your SSL certificate is issued is the lifeline to your secure Web or Mail server. If the key gets into the wrong hands, your server's secure site is vulnerable.

Securing the private key is one of the more important things that you can do to ensure that you have a trusted SSL-enabled site.

The private key is generated when you create your Certificate Signing Request.

Certain server platforms create a password protected private key or keystore. Remember that a strong password is one that is lengthy and utilizes a combination of letters, numbers, and symbols.

You can also ensure security by hardening access to your server. A combination of firewalls, IP address restrictions, client-side certificates, and multiple authentications, is a great way to ensure that access to your server and private key is restricted.