What is a CSR?

A Certificate Signing Request (CSR) is an encrypted text file used in the creation and issuing of your SSL certificate. This file contains an encrypted version of the information needed by a Certificate Authority (CA), such as GeoTrust, to create and issue your new SSL. A CSR is always required when issuing an SSL Certificate.

Example CSR

Below is an example of a CSR. This is a text file generated by your web server for use in creating your SSL Certificate. For instructions on generating a CSR for use with Domain.com Hosting or popular web servers, click here.

-----BEGIN CERTIFICATE REQUEST-----
MIIBzDCCATUCAQAwgYsxHDAaBgNVBAMTE3d3dy50aGlzaXNhdGVzdC5jb20xCzAJ BgNVBAYTAlpBMRkwFwYDVQQIExBXZXN0ZXJuIFByb3ZpbmNlMRIwEAYDVQQHEwlD YXBlIFRvd24xEjAQBgNVBAoTCVRlc3QgQ29ycDEbMBkGA1UECxMSVGVzdGluZyBE ZXBhcnRtZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVzfmv7vJ9bOyQ dxMLlgtDIEFz7MWsOUoZOPTq3qsTTXPW61q01jY8eQfs96I5xPjxALPeT4m74cce UtYxldG7pLJiB3SGU94yvyvHDiyV+6mV/e++KWT2ql0Jv1emmobmAGdUxdx2pW9C Epr0DmcVny6VGWAI36bG0NdYrNix4QIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEA BfSHgDr9Vc460YG+lAiWuVWEife8B4QOojiV8oUxJJDqbA2CEEmXLWfa7/mfUtd5 EQd6voLDT8axpXPbOrmwa3kzEZvQZhg+QvKEyIfncqdWbDUk71tO0fVafBKwRQfE 73J/THmVABZuz9T6X3+KWGxGDiYw0sY3bE7OjBCwr14=
-----END CERTIFICATE REQUEST-----

CSRs are most frequently created on the actual web server where your website is hosted. If you have access to your server's control panel or command line, you can likely generate your own CSR without additional help. Instructions for generating a CSR vary by web server. While Apache and Windows IIS are today's most popular web servers, for your convenience, we have also included instructions for generating CSRs on many other commonly used web servers.

Once your CSR is created, you will be provided with both the CSR text (see example above) and the Private Key text. While the blocks of text may appear similar, they contain different encrypted information. Your CSR will be included in the final SSL Certificate while the Private Key is kept private (and is used to digitally sign your CSR).

When you are creating your CSR, you will be asked to provide several pieces of information: Common Name (i.e. the domain name where the SSL certificate will function), organization, country, key bit length (many SSL Certificates require a minimum of 1024 bits), email, and more.

Once your CSR and Private Key are supplied, be sure to save both the CSR and Private Key into a file where they will be accessible at a later time. DO NOT LOSE YOUR PRIVATE KEY. If you misplace your private key, you will likely have to generate an entirely new CSR and Private Key, as well as request a reissue of your SSL Certificate before you can digitally sign your certificate.

CSR Hosting

Generate CSR and Install an SSL Certificate for Domain.com Hosting

In order to purchase an SSL Certificate to be used in conjunction with a Domain.com Hosting account, you will need to complete the following steps prior to purchasing your SSL Certificate:

1. Purchase an Exclusive IP Address (if you don't already have one)
2. Install your Exclusive IP Address
3. Generate Your CSR and Save Your Private Key
4. Install your SSL Certificate

Purchase an Exclusive IP Address

Your website must be hosted on an Exclusive IP address in order to use an SSL Certificate. Hosting accounts by default do not include an Exclusive IP. To purchase one for $3/month, follow these directions:

For Windows and Linux Hosting:

1. Log into your account.
2. Click on My Billing.
3. Click on the Update/Modify Billing button next to the Package ID.
4. Click the Upgrade/Downgrade Resource(s) button.
5. Click the shopping cart Upgrade link to the right of "Number of IP addresses".
6. Enter the number of IP Addresses you would like to purchase in the box labeled Place Upgrade Order For (Note: Each IP address is one (1) unit). You will need 1 IP Address per SSL Certificate.
7. Click the Next button in the lower right of the page.
8. Click the Place Order button in the upper right hand corner of the page.

NOTE: It may take 15-20 minutes for your new IP addresses to be ready. Please wait for the IP address to be ready prior to attempting to install the IP.

Install Your Exclusive IP Address

For Windows Hosting:

1. When logged into your account, click My Services.
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Domain Overview, then Domain Administration, and then on the Domain Name where you'd like to install the Exclusive IP (and ultimately use the SSL Certificate).
4. Click the Web tab, then click Edit.
5. Select New Exclusive IP, then click Submit.

For Linux Hosting:

1. When logged into your account, click My Services.
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Web Space.
4. Click Website Configuration.
5. Click Edit at the bottom of the page.
6. Change IP Address Type to Exclusive IP and click Submit.

Generate Your CSR and Save Your Private Key

For Windows Hosting:

NOTE: When the CSR is generated, you MUST save the private key as well. If the private key is lost, the certificate must be reissued.

1. When logged into your account, click My Services.
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Domain Overview, then Domain Administration, and then on the Domain Name where you'd ultimately like to install the SSL Certificate.
4. Click the Web tab, then click Edit.
5. Go to the SSL sub-tab.
6. Select Generate CSR.
7. Complete the form with the requested information. Bit length should always be 1024 and key type will be RSA.
8. Copy the CSR into the SSL order form, and save the private key as a text file for later use.

For Linux Hosting:

NOTE: When the CSR is generated, you MUST save the private key as well. If the private key is lost, the certificate must be reissued.

1. When logged into your account, click My Services.
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Web Space.
4. Go to the Certificates tab.
5. Click on Request.
6. Complete the form with the requested information. Bit length should always be 1024 and key type will be RSA.
7. Copy the CSR into the SSL order form, and save the private key as a text file for later use.

Install Your SSL Certificate

For Windows Hosting:

1. Click My Services.
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Domain Overview, then Domain Administration, and then on the Domain Name where you'd like to install the SSL Certificate.
4. Click the Web tab, then click Edit.
5. Go to the SSL sub-tab.
6. Click Install Certificate.
7. Choose Clipboard and select Next.
8. Paste the Private Key that you saved earlier into the text box, then the SSL Certificate into the appropriate box. Leave CA certificate blank.
9. Click Submit and the certificate is now installed.

Note: It may take several minutes for the certificate to fully install. If after 15-20 minutes the certificate is not working properly, there is likely a problem. Contact customer support for additional assistance.

For Linux Hosting:

1. Click My Services
2. Click Manage Hosting Services next to the hosting package where you want to use your SSL Certificate.
3. Click Web Space, then Website Configuration.
4. Click the SSL tab.
5. Click Install Certificate.
6. Choose Certificate and Clipboard and hit Next.
7. Paste the Private Key and SSL Certificate into the appropriate text boxes.
8. Click Next. If what you've inputted is valid, the system will tell you that you've already installed the certificate.
9. Click Submit and the certificate is now installed.

Note: It may take several minutes for the certificate to fully install. If after 15-20 minutes the certificate is not working properly, there is likely a problem. Contact customer support for additional assistance.

Apache CSR

Apache-SSL / Apache ModSSL Key and CSR Generation Instructions:

An Important Note Before You Start:

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use your SSL certificate and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

The utility "openssl" that you use to generate the private key and CSR comes with the OpenSSL toolkit and is usually installed under /usr/bin. If you have installed it elsewhere you will need to modify these instructions appropriately.

The following sequence of commands will generate a 1024 bit key, encrypt it using the triple-DES cipher, and create a CSR based upon it (they assume that you have openssl in your path - if not then you should prefix the openssl command with the path to the binary). You should use the domain name that you are wishing to have certified as the core of the filenames. You should also make sure you do not overwrite existing keys and CSR's.

1. Generate the private key

Please type the following command at the prompt:

openssl genrsa -des3 -out www.example.com.key 1024

This command will generate a 1024 bit RSA private key and store it in the file www.example.com.key. It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without it's corresponding key.

Note: If you don't want to protect your key with a pass phrase (only if you absolutely trust the server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above.

2. Generate the CSR

Please type the following command at the prompt:

openssl req -new -key www.example.com.key -out www.example.com.csr

This command will prompt you for the X.509 attributes of your certificate. Enter your country, state or province and locality or city. You should enter the company name as it appears on your official company registration documents. The organization unit is optional. To skip the organization unit (OU) field please press enter on your keyboard.

The term "Common Name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.example.com, then you will need to enter the exact host (www) and domain name (example.com) in this field. If you enter example.com then the certificate issued to you will only work error free on https://example.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.example.com.

Please do not enter your email address, challenge password or an optional company name when generating the CSR. You have now created a public/private key pair. The private key (www.example.com.key) is stored locally on your machine and is used for decryption. The public portion is entered into the CSR field during shopping cart checkout when purchasing your SSL Certificate (certrequest.csr), and will be used by your users to encrypt the data they send to your site. The Certificate Signing Request (CSR) looks something like this:

3. Backup your private key

Please backup your www.example.com.key file and make a note of the pass phrase. A good choice is to create a copy of this file onto a diskette or other removable media.

These directions are provided courtesy of Thawte®.

CSR cPanel WHM | cPanel Key and CSR Generation Instructions:

• cPanel 10
• cPanel 11

cPanel 10

The first step to installing a SSL certificate from a trusted provider is to create a private key file to be used with your SSL certificate.

Please note that this private key file must be used with the specific SSL certificate for which it is created. This private key is secret and should not be given out. Also, there is no way to recover a private key file if it is lost.

Creating a Private Key File

1. To create a private key file, click on the
   "key"
   icon above Private Keys (KEY).
2. Scroll down to Generate a New Key and select the domain you wish to use the SSL certificate on. NOTE: If you wish to use the SSL certificate on a subdomain such as secure.domain.com, you will need to first create that subdomain.
3. After you've selected the domain you wish to use, click on Generate to create the public key file.
4. After you've created the public key file, you'll need to generate a certificate signing request.

Generating a Certificate Signing Request

1. To generate a CSR, click on the
   icon above Certificate Signing Requests (CSR).
2. Now, you must complete all off the fields listed in the signing request form.
3. To start, select the host for your certificate from the drop box. The host is the domain (frequently called Common Name) you've created a private key for.
4. Next, you will need to enter the Country that you are located in. The State or Locality that you are located in (do not abbreviate). The City you are located in (do not abbreviate). Your Company's name. The Company Division the site belongs to. The Email address that the certificate should be sent to and a Pass Phrase if you choose to use one. The pass phrase is a challenge password used by Apache at startup to decrypt your SSL private key.
5. After you have filled out the necessary information, click on Generate to generate the signing request. Check the output for errors if the request does not appear under Certificate Signing Requests on Server.

cPanel 11

The first step in generating an SSL certificate is to create a Private Key. Start by reading the instructions in the "Private Keys (KEY)" section below.

Step 1: Private Keys (KEY)

1. Under the Security section, click on SSL/TLS Manager.
2. Click on the Generate, view, upload, or delete your private keys link.
3. When the page loads, scroll to the bottom and you will see the "Generate a New Key" section. Enter the domain for which you want to create an SSL Certificate in the "Host" text box. Or you can select the domain from the "Select a Domain" drop down menu.
4. Click on the Generate button.
5. Click on the Return to SSL Manager link.
6. When the page loads, click on the Go Back link. This will take you to the main "SSL/TLS Manager" page.
7. Continue with "Step 2" below.

Step 2: Certificate Signing Requests (CSR)

1. Click on the Generate, view, or delete SSL certificate signing requests link.
2. When the page loads, set the following:
   • Host - Select the domain name from the drop down menu.
   • Country - Enter your two-digit country code.
   • State - Enter the state's full name. Do not abbreviate
   • City - Enter your city's name. Do not abbreviate.
   • Company - Enter your company's name.
   • Company Division - Enter your company's division.
   • Email - Enter your email address.
   • Pass Phrase - Enter any phrase you want to use for the pass phrase.
3. Click on the Generate button.
4. Click on the Go Back link.
5. Make a copy of the CSR. You will need to enter it into the appropriate field during the SSL Certificate purchase process.

Microsoft CSR | Microsoft IIS Key and CSR Generation Instructions:

• Microsoft IIS 5
• Microsoft IIS 6
• Microsoft IIS 7

Microsoft IIS 5

An Important Note Before You Start:

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use your SSL certificate and will need to request a free reissue. To ensure this never happens, we advise you to make a backup of your private key and make note of the password used to protect the export of the private key.

1. Start the Key/CSR Generation Process:

Under Administrative Tools, open the Internet Services Manager. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on a particular website will open up its properties.

2. Click the Directory Security tab

Click the Directory Security tab and then click on the "Server Certificate" button in the Secure communications section. This will start the Web Site Certificate Wizard.

3. Select "Create a new certificate"

From the Web Site Certificate Wizard, select the "Create a new Certificate" option.

4. Prepare the request

Select the "Prepare the request now, but send it later" option from the list. You will need to prepare the request now but will only submit the request (CSR) via our online request forms.

5. Enter a certificate name and the certificate strength

At this point you will decide what encryption strength your Private Key and CSR will be set at. It is advised to choose a 1024-bit key size. Please note that you can choose a larger key size although some browsers may have difficulty making a session with a bigger key size. The option Server Gated crypto (SGC) defaults the keylength to 1024. Merely choosing this option will not mean that you'll automatically get issued with a SGC SuperCert. If you do want a SGC SuperCert you will need to submit the CSR for a SGC SuperCert in the certificate enrollment process.

You have now created a public/private key pair. The private key is stored locally on your machine in the MMC, and is used for decryption. The public portion is sent to the company issuing the certificate in the form of a Certificate Signing Request (CSR), and will be used by your users to encrypt the data they send to your site.

You will now create a Certificate Signing Request (CSR). This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.

6. Enter your Organization Information

You should enter the company name as it appears on your official company registration documents. The organization unit is optional but IIS 5.0 makes this field compulsory therefore please specify an organization unit.

7. Enter your common name

The term "common name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.example.com, then you will need to enter the exact host (www) and domain name (example.com) in this field. If you enter example.com then the certificate issued to you will only work error free on https://example.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.example.com.

8. Enter the geographical details of your Organization

Enter your country, state or province and locality or city.

9. Choose a filename to save the request to

Enter the file name for the certificate request (CSR) and the location of where you would like to save the file (we recommend you click the 'browse' button and select a location to save the CSR file to). Then click "Next".

10. Confirm your request details

The next page will display the summary of the certificate request.

11. Finish and exit the IIS Certificate Wizard

Click on 'Finish' to complete the "Web Server Certificate wizard".

Microsoft IIS 6

An Important Note Before You Start:

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use your SSL certificate and will need to request a free reissue. To ensure this never happens, we advise you to make a backup of your private key and make note of the password used to protect the export of the private key.

1. Start the Key/CSR Generation Process:

Under Administrative Tools, open the Internet Services Manager. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.

2. Click the Directory Security tab

Click the Directory Security tab and then click on the "Server Certificate" button in the Secure communications section. This will start the Web Site Certificate Wizard.

3. Select "Create a new certificate"

From the Web Site Certificate Wizard, select the "Create a new Certificate" option.

4. Prepare the request

Select the "Prepare the request now, but send it later" option from the list. You will need to prepare the request now but will only submit the request (CSR) via our online request forms.

5. Enter a certificate name and the certificate strength

At this point you will decide what encryption strength your Private Key and CSR will be set at. It is advised to choose a 1024-bit key size. Please note that you can choose a larger key size although some browsers may have difficulty making a session with a bigger key size. Do not check the option 'Select cryptographic service provider (CSP) for this certificate'.

You have now created a public/private key pair. The private key is stored locally on your machine in the MMC, and is used for decryption. The public portion is sent to the company issuing the certificate in the form of a Certificate Signing Request (CSR), and will be used by your users to encrypt the data they send to your site.

You will now create a Certificate Signing Request (CSR). This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. Certain characters must be excluded from your CSR fields, or your certificate may not work.

6. Enter your Organization Information

You should enter the company name as it appears on your official company registration documents. The organization unit is optional but IIS 6.0 makes this field compulsory therefore please specify an organization unit.

7. Enter your common name

The term "common name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.example.com, then you will need to enter the exact host (www) and domain name (example.com) in this field. If you enter example.com then the certificate issued to you will only work error free on https://example.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.example.com.

8. Enter the geographical details of your Organization

Enter your country, state or province and locality or city.

9. Choose a filename to save the request to

Enter the file name for the certificate request (CSR) and the location of where you would like to save the file (we recommend you click the 'browse' button and select a location to save the CSR file to). Then click "Next".

10. Confirm your request details

The next page will display the summary of the certificate request.

11. Finish and exit the IIS Certificate Wizard

Click on 'Finish' to complete the "Web Server Certificate wizard".

12. Backup your private key

If you create a new CSR, or new Key for the same web site, you will overwrite the ones you used to request your certificate. If that happens, you cannot use the certificate you were issued and will need to request a reissue. Please ensure you have a backup of your private key in case it is lost or overwritten. Please backup your private key.

Microsoft IIS 7

1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager

2. In the IIS Manager, choose your server name.

3. In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.

4. You will notice two default certificates already installed on this server.

To begin the process of requesting a new certificate, from the Actions pane, choose the Create Certificate Request option.

5. The first screen of the wizard asks for details regarding the new site.

The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality.

6. Click Next to continue.

7. The next screen of the wizard asks you to choose cryptography options.

The default, Microsoft RSA SChannel Cryptography Provider is fine. A key length of 1,024 bits is the default option and is fine as well.

8. Click Next to continue.

9. Finally, provide a filename to which to save the certificate request.

You will need the contents of this file in the next step, so make sure you know where to find it.

These directions are provided courtesy of VeriSign®.

Plesk CSR | Plesk Key and CSR Generation Instructions:

• Plesk 8 - Linux & Windows
• Plesk 9 - Linux & Windows

Plesk 8 - Linux & Windows

To secure your control panel with an SSL certificate from other certificate authorities:

1. Go to Server > Certificates. A list of SSL certificates that you have in your repository will be displayed.
2. Click Add New Certificate.
3. Specify the certificate properties:
   • Certificate name. This will help you identify this certificate in the repository.
   • Encryption level. Choose the encryption level of your SSL certificate. We recommend that you choose a value more than 1024 bit.
   • Specify the host name for which you wish to purchase an SSL certificate. For example: your-domain.com
   • Enter your e-mail address.
4. Make sure that all the provided information is correct and accurate, as it will be used to generate your private key.
5. Click Request. Your private key and certificate signing request will be generated and stored in the repository.
6. In the list of certificates, click the name of the certificate you need. A page showing the certificate properties opens.
7. Locate the CSR section on the page, and copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to the clipboard.

Plesk 9 - Linux & Windows

To secure your control panel with an SSL certificate from other certificate authorities:

1. On your Home page, click the Security group title. A drop-down menu opens. In this menu, select SSL Certificates. A list of SSL certificates that you have in your repository will be displayed.
2. Click Add SSL Certificate.
3. Specify the certificate properties:
   • Certificate name. This will help you identify this certificate in the repository.
   • Encryption level. Choose the encryption level of your SSL certificate. We recommend that you choose a value more than 1024 bit.
   • Specify your location and organization name. The values you enter should not exceed the length of 64 symbols.
   • Specify the host name for which you wish to purchase an SSL certificate. For example: your-domain.com
   • Enter your e-mail address.
4. Make sure that all the provided information is correct and accurate, as it will be used to generate your private key.
5. Click Request. Your private key and certificate signing request will be generated and stored in the repository.
6. In the list of certificates, click the name of the certificate you need. A page showing the certificate properties opens.
7. Locate the CSR section on the page, and copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to the clipboard.

CSR Popular Web Servers | Generate a Certificate Signing Request (CSR)

We've included links to instructions for generating CSRs on several of today's most popular web servers. If your server is not listed, please reference your web server's documentation.

NOTE: When creating your CSR, you'll be asked to complete a signing request form. For descriptions of each term used in that form, click here.

• Domain.com Hosting
• Apache-SSL / Apache ModSSL
• cPanel/WHM 11
• cPanel/WHM 10
• Microsoft IIS 7
• Microsoft IIS 6
• Microsoft IIS 5
• Plesk 9
• Plesk 8

CSR Fields

You will need to provide several pieces of information when creating your CSR.

Common Name/Domain Name

• This includes the Fully Qualified Domain Name for your certificate (in other words, the web address where you plan to use your SSL Certificate). You must enter the exact web address where you want to use your SSL certificate. For instance, if you want your certificate to work on secure.example.com, you need to enter secure.example.com into the Common Name field.

Examples:

• www.example.com
• secure.example.com
• blog.example.com

• Wildcard Certificates: If you want to create a Wildcard SSL (which will work on any subdomain), you must input an asterisk (*) in place of the subdomain position. For instance, to create a wildcard SSL Certificate that will secure both www.example.com and secure.example.com, you would input *.example.com into the Common Name field.

• Examples:

• *.example.com

Organization

Enter the precise legal name of your organization, without abbreviations. For instance: ABC Corporation or Budget Car Sales LLC.

Organizational Unit

Denotes the division or department of the organization using this SSL Certificate. For example: Marketing, Sales, Customer Service

City or Locality

The city where your organization is officially located, i.e. your physical address. Do not abbreviate. Example: Do not use "LA" in place of "Los Angeles."

State or Province

The state or province where your organization is officially located, i.e. your physical address. Do not abbreviate. Example: Do not use "WA" in place of "Washington."

Country (C)

The two-letter ISO Country Code abbreviation for the country where your organization is officially located. Example: US, CA, MX.

Email

Any email address associated with the applicant. This email address will not be used to process your order.

Key Bit Length

A key bit length of at least 1024 is suggested. Extended Validation (EV) certificates require a 2048 key bit length. This bit length reflects only the initial key exchange, not the level of encryption on your SSL Certificate.

Afghanistan	AF
Albania	AL
Algeria	DZ
American Samoa	AS
Andorra	AD
Angola	AO
Anguilla	AI
Antarctica	AQ
Antigua and Barbuda	AQ
Argentina	AR
Armenia	AM
Aruba	AW
Austria	AT
Australia	AU
Azerbaidjan	AZ
Bahamas	BS
Bahrain	BH
Bangladesh	BD
Barbados	BB
Belarus	BY
Belgium	BE
Belize	BZ
Benin	BJ
Bermuda	BM
Bolivia	BO
Bosnia-Herzegovina	BA
Botswana	BW
Bouvet Island	BV
Brazil	BR
British Indian Ocean Terr	IO
Brunei Darussalam	BN
Bulgaria	BG
Burkina Faso	BF
Burundi	BI
Buthan	BT
Cambodia	KH
Cameroon	CM
Canada	CA
Cape Verde	CV
Cayman Islands	KY
Central African Republic	CF
Chad	TD
Chile	CL
China	CN
Christmas Island	CX
Cocos (Keeling) Islands	CC
Colombia	CO
Comoros	KM
Congo	CG
Cook Islands	CK
Costa Rica	CR
Croatia	HR
Cyprus	CY
Czech Republic	CZ
Denmark	DK
Djibouti	DJ
Dominica	DM
Dominican Republic	DO
East Timor	TP
Ecuador	EC
Egypt	EG
El Salvador	SV
Equatorial Guinea	GQ
Estonia	EE
Ethiopia	ET
Falkland Islands (Malvinas)	FK
Faroe Islands	FO
Fiji	FJ
Finland	FI
France	FR
French Southern Terr	TF
Gabon	GA
Gambia	GM
Georgia	GM
Germany	DE
Ghana	GH
Gibraltar	GI
Greece	GR
Greenland	GL
Grenada	GD
Guadeloupe (French)	GP
Guam (US)	GT
Guinea Bissau	GW
Guinea	GN
Guyana (French)	GF
Guyana	GY
Haiti	HT
Heard and McDonald Is	HM
Hong Kong	HK
Hungary	HU
Iceland	IS
India	IN
Indonesia	ID
Ireland	IE
Israel	IL
Italy	IT
Ivory Coast	IC
Jamaica	JM
Japan	JP
Jordan	JO
Kazachstan	KZ
Kenya	KE
Kirgistan	KG
Kiribati	KI
Kuwait	KW
Laos	LA
Latvia	LV
Lebanon	LB
Lesotho	LS
Liberia	LR
Liechtenstein	LI
Lithuania	LT
Luxembourg	LU
Macau	MO
Madagascar	MG
Malawi	MW
Malaysia	MY
Maldives	MV
Mali	ML
Malta	MT
Marshall Islands	MH
Martinique (French)	MQ
Mauritania	MR
Mauritius	MU
Mexico	MX
Micronesia	FM
Moldavia	MD
Monaco	MC
Mongolia	MN
Montenegro	ME
Montserrat	MS
Morocco	MA
Mozambique	MZ
Myanmar	MM
Namibia	NA
Nauru	NR
Nepal	NP
Netherland Antilles	AN
Netherlands	NL
Neutral Zone	NT
New Caledonia (French)	NC
New Zealand	NZ
Nicaragua	NI
Niger	NE
Nigeria	NG
Niue	NU
Norfolk Island	NF
Northern Mariana Is	MP
Norway	NO
Oman	OM
Pakistan	PK
Palau	PW
Panama	PA
Papua New	PG
Paraguay	PY
Peru	PE
Philippines	PH
Pitcairn	PN
Poland	PL
Polynesia (French)	PF
Portugal	PT
Puerto Rico (US)	PR
Qatar	QA
Reunion (French)	RE
Romania	RO
Russian Federation	RU
Rwanda	RW
Saint Helena	SH
Saint Kitts Nevis Anguilla	KN
Saint Lucia	LC
Saint Pierre and Miquelon	PM
Saint Tome and Principe	ST
Saint Vincent and Grenadines	VC
Samoa	WS
San Marino	SM
Saudi Arabia	SA
Senegal	SN
Serbia	RS
Seychelles	SC
Slovenia	SL
Singapore	SG
Slovak Republic	SK
Slovenia	SI
Solomon Islands	SB
Somalia	SO
South Africa	ZA
South Georgia & Sandwich Is	GS
South Korea	KR
Soviet Union	SU
Spain	ES
Sri Lanka	LK
Sudan	SD
Suriname	SR
Svalbard and Jan Mayen Is	SJ
Swaziland	SZ
Sweden	SE
Switzerland	CH
Tadjikistan	TJ
Taiwan	TW
Tanzania	TZ
Thailand	TH
Togo	TG
Tokelau	TK
Tonga	TO
Trinidad and Tobago	TT
Tunisia	TN
Turkey	TR
Turkmenistan	TM
Turks and Caicos Islands	TC
Tuvalu	TV
Ukraine	UA
United Arab Emirates	AE
United Kingdom	GB
United States	US
Uruguay	UR
US Minor Outlying Islands	UM
Uzbekistan	UZ
Vanuatu	VU
Vatican City State	VA
Venezuela	VE
Vietnam	VN
Virgin Islands (British)	VG
Virgin Islands (US)	VI
Wallis and Futuna Islands	WF
Western Sahara	EH
Yemen	YE
Zaire	ZR
Zambia	ZM
Zimbabwe	ZW