95• Organization Name: The registered name of theorganization. This organization must own the domain namethat appears in the common name of the Web server.Do not abbreviate the organization name and do not use anyof the following characters:< > ~ ! @ # $ % ^ * / \ ( ) ?• Organizational Unit Name: The name of the department orgroup that uses the secure Web server.• Common Name: The name of the Web server as it appearsin the URL. This name must be the same as the domainname of the Web server that is requesting a certificate. If theWeb server name does not match the common name in thecertificate, some browsers will refuse a secure connectionwith your site. Do not enter the protocol specifier (http://)or any port numbers or path names in the common name.Wildcards (such as * or ?) and IP address are not allowed.• E-mail Address: Enter the user’s e-mail address.• Subject Alternative Name: Comma-separated list ofURI:, DNS:, IP:, email:address>.Example:URI:http://www.example.com,email:john@example.com,IP:10.1.2.3• Generate new key pair [y]: In most cases you will want togenerate a new key pair for a CSR. However, if a configuredcertificate is approaching its expiration date and you want torenew it without replacing the existing key, answering no (n)is appropriate. The CSR will then be based on the existingkey (for the specified certificate number) instead.• Key size [1024]: Specify the key length of the generated key.The default value is 1024.• Request a CA certificate (y/n) [n]: Lets you specify whetherto request a CA certificate to use for client authentication.Requesting a CA certificate is appropriate if you plan to issueyour own server certificates or client certificates, generatingthem from the requested CA certificate. The default value isto not request a CA certificate.• Specify challenge password (y/n) [n]:2 Generate the CSR.Press ENTER after you have provided the requested information.The CSR is generated and displayed on screen:Nortel VPN GatewayUser GuideNN46120-104 02.01 Standard14 April 2008Copyright © 2007-2008 Nortel Networks.