Check Point - Generate CSR

A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example * (instead of

  1. Start Putty and login as root administrator.
  2. Once logged in, switch to expert mode by using the command "expert".
  3. Enter the expert password.
  4. Create a CSR and KEY file, using the following command: (select your own name for the *.csr and *.key file. In this example we use ''.) Cpopenssl req –new –out –keyout –config $CPDIR/conf/openssl.cnf
  5. Enter a PEM password, which is needed to import a CSR within Check Point. Without a password, the certificate cannot be imported and is therefore rendered useless. Confirm the password by entering it a second time.
  6. Enter the two letter country code. Enter the state or province name. Enter the locality. Enter the organization name. Enter the common name (hostname/FQDN). Set the optional challenge password (this is recommended for additional security). Set the optional company name.
  7. The created CSR can now be displayed by using the following command: cat

To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.

Order certficate


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues