Certificate Signing Request

complete the following steps to generate the certificate manual process steps (client process steps) to complete a certificate signing request, do the following download openssl light for windows at http //slproweb com/products/win32openssl html note mac users can open terminal and jump to the openssl commands in step 5 to install openssl, follow the instructions in the install wizard open cmd exe go to the location where you installed openssl and at the command line, type cd c \program files (x86)\openssl win32\bin ( or c \program files\openssl win64\bin for 64 bit ) generate the csr openssl genrsa out companyname auth key 2048 openssl req new key companyname auth key out companyname auth csr your csr must not request s/mime capabilities enter the following information into your csr leave the country name, state or province name, locality name, and challenge password fields blank organization name this must be the same string used by your organization when registered with adp common name this is the company name please include “mutualssl” after the company name do not use any special characters example abccompanymutualssl after you have created your csr, follow these steps to submit your request directly to adp security services open the https //cert manager com/customer/adp/device/adpwebservices (no login is required) choose authentication and transaction signing for the certificate type enter your technical contact’s email enter your company name and adp client id note if you are an adp workforce now client, your adp client id is all the characters to the right of the @ symbol in your adp workforce now login name if you don't know your adp client id, contact your adp representative enter your technical contact’s first and last name and a group distribution email to be notified when the generated certificate is reaching its two year expiration date paste the complete contents (including begin certificate request and end certificate request ) of your csr into the csr text box save the signed certificate from adp into a file named companyname auth pem in the same location that you initially created the csr ( c \program files (x86)\openssl win32\bin ) if you are using windows/iis, use the following command to get the key and certificate in pkcs12 format ​​​​​​​openssl pkcs12 export out "c \cert path\companyname auth pfx" name "company name mutual ssl" inkey "c \cert path\companyname auth key" in "c \cert path\companyname auth pem" enter the export password verify the export password the resulting pfx formatted certificate file will be found in the c \cert path folder; companyname auth pfx is the file you'll reference for mutual ssl authentication in the windows/iis configuration make sure you safeguard the key , pfx , and jks files anyone that possesses these confidential files has access to the web service