Wow OpenSSL and it worked first time

Had to generate a CSR using openssl - Yep not really sure what had to be done, I heard of openssl before but as for using it to actually generate a CSR cert (not going to happen). After downloading and installing http://www.openssl.org/related/binaries.html I ran the program. All the reelvant files were installed - opened the cmd prompt and navigated to the C:/openssl file. While still in the command prompt typed in

1. Generate the private key

Please type the following command at the prompt:

openssl genrsa –des3 –out www.mydomain.com.key 1024

the prompt not asks for the password and the confirmation

This command will generate a 1024 bit RSA private key and stores it in the file www.mydomain.com.key. It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without it's corresponding key.

Note: If you don't want to protect your key with a pass phrase (only if you absolutely trust the server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above.

2. Generate the CSR

Please type the following command at the prompt:

openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr

This command will prompt you for the X.509 attributes of your certificate. Enter your country, state or province and locality or city. You should enter the company name as it appears on your official company registration documents. The organization unit is optional, we verify and authenticate the company name and not the organization unit. To skip the organization unit (OU) field please press enter on your keyboard.

The term "Common Name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name (mydomain.com) in this field. If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.mydomain.com.

Please do not enter your email address, challenge password or an optional company name when generating the CSR.

You have now created a public/private key pair. The private key (www.mydomain.com.key) is stored locally on your machine and is used for decryption. The public portion is sent to thawte in the form of a Certificate Signing Request (certrequest.csr), and will be used by your users to encrypt the data they send to your site. The Certificate Signing Request (CSR) looks something like this:

3. Backup your private key

Please backup your www.mydomain.com.key file and make a note of the pass phrase. A good choice is to create a copy of this file onto a diskette or other removeable media

Please backup your private key using the instructions at the following link: