Add SSL CSR & PFX instructions

.wordlist.txt

@@ -94,6 +94,7 @@ cryptographic
 cryptographically
 CryptoLocker
 CSF
+CSR
 CSV
 CTM
 CTO
@@ -368,12 +369,14 @@ Perl
 personalisation
 PetalBot
 PFS
+PFX
 pfSense
 PhaaS
 PHaaS
 PHP
 PHPMyAdmin
 PID
+PKCS
 plc
 Plesk
 Polkit

source/domains/ssl/generating_csrs.md

@@ -0,0 +1,58 @@
+# How to Generate a CSR File
+
+```eval_rst
+   .. title:: SSL | Generating a CSR
+   .. meta::
+      :title: SSL | Generating a CSR | ANS Documentation
+      :description: Generating a CSR
+```
+This guide will help you generate a Certificate Signing Request (CSR) on different operating systems.
+
+## Pre-requisite reading
+
+On SSL certificates that protect a single hostname/domain, your primary hostname is the hostname/domain you have chosen.
+
+For multi-domain SSL certificates, the primary hostname is the first hostname that
+is listed on your SSL certificate inside [ANS Glass](https://portal.ans.co.uk/ssl/index.php).
+
+You should also ensure to make sure your key and CSR are in a safe folder, as you'll need the the key
+to install the SSL certificate and the CSR to generate your SSL Certificate.
+
+## Generate a CSR on Linux
+
+First, check if OpenSSL is installed:
+
+```shell
+openssl version
+```
+
+If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL:
+
+#### Ubuntu
+
+```shell
+sudo apt install openssl
+```
+
+#### RHEL/AlmaLinux
+
+```shell
+sudo yum install openssl
+```
+
+Now you can generate the CSR. You need to replace `yourhostname` with your primary hostname (Common Name)
+that the SSL will protect.
+
+```shell
+openssl req -new -newkey rsa:2048 -nodes -keyout /path/to/yourhostname.key -out /path/to/yourhostname.csr
+```
+
+## Generate a CSR on Windows
+
+1. Open `IIS Manager`.
+1. Select the server in the `Connections` pane.
+1. Double-click the `Server Certificates` icon.
+1. Click the `Create Certificate Request` link in the Actions pane.
+1. Fill out the `Distinguished Name Properties` form with the required information (`Common Name` (primary hostname), `Organization`, `City/locality`, `State/province`, `Country/region`).
+1. Set the `Cryptographic Service Provider Properties` (Microsoft RSA Schannel Cryptographic Provider and a bit length of 2048).
+1. Create a file name for your CSR and click the Finish button.

source/domains/ssl/generating_pfx_files.md

@@ -0,0 +1,61 @@
+# How to Generate a PFX File
+
+```eval_rst
+   .. title:: SSL | Generating a PFX file
+   .. meta::
+      :title: SSL | Generating a PFX file | ANS Documentation
+      :description: Generating a PFX file
+```
+This guide will help you generate a PFX (also known as PKCS#12) file on different operating systems.
+
+## Generate a PFX file on Linux
+
+First, check if OpenSSL is installed:
+
+```shell
+openssl version
+```
+
+If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL:
+
+#### Ubuntu
+
+```shell
+sudo apt install openssl
+```
+
+#### RHEL/AlmaLinux
+
+```shell
+sudo yum install openssl
+```
+
+Now you can generate the PFX file.
+
+Suppose you have a private key file (`privateKey.key`), a certificate file (`certificate.crt`), an intermediate certificate file (`intermediate.crt`) and a root certificate file (`root.crt`).
+Open a terminal and run the following command:
+
+```shell
+openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt  -certfile root.crt
+```
+
+You'll be prompted to set an export password to protect the PFX file. Remember this password; you'll need it later.
+
+## Generate a CSR on Windows
+
+Check if OpenSSL is Installed by opening a Windows Command Prompt and entering:
+
+```powershell
+openssl version
+```
+
+If OpenSSL is not installed, you will see an error message. In that case, install OpenSSL following the official instructions located at <a href="https://github.com/openssl/openssl/blob/master/README.md" target="_blank">https://github.com/openssl/openssl/blob/master/README.md</a>.
+
+Suppose you have a private key file (`privateKey.key`), a certificate file (`certificate.crt`), an intermediate certificate file (`intermediate.crt`) and a root certificate file (`root.crt`).
+Open a terminal and run the following command:
+
+```powershell
+openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile intermediate.crt -certfile root.crt
+```
+
+You'll be prompted to set an export password. Remember this password for future use.

source/domains/ssl/index.rst

@@ -6,9 +6,11 @@ SSL Certificates
    :maxdepth: 1
 
    Purchasing and Renewing <buying>
+   Generating A CSR (Certificate Sigining Request) <generating_csrs>
    Validating your Certificate <validating_your_ssl>
-   UKFast SSL Types <types>
+   ANS SSL Types <types>
    Self Signed Certificates <self_signed_certificates>
    Using Server Name Indication (SNI) <sni>
    Extended Validation Certificates <extended_validation_ssl>
+   Generating a PFX file <generating_pfx_files>
    letsencrypt/index