Certificate Signing Request (CSR) Generation - C2Net Stronghold
Note: Keys and certificates are managed through three scripts: genkey, getca and
genreq. These are part of the normal Stronghold distribution. Keys and certificates are
stored in the directory$SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.
To generate a key pair and CSR for your server:
- Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey
script displays the filenames and locations of the key file and CSR file it will generate:
- Key file: /usr/local/www/sslhostname.key
- CSR file: /usr/local/www/sslhostname.cert
Note: If you already have a key for your server, run genreq [servername] to generate
only the CSR.
- Press Enter. The genkey script reminds you to be sure you are not overwriting an
existing key pair and certificate.
- When prompted, enter a key size in bits. It is recommended that you use the largest key
size available: e.g. 1024 if available.
- When prompted, enter random key strokes. Stop when the counter reaches zero and genkey
beeps. This random data is used to create a unique public and private key pair.
- When prompted, enter 'y' to create the key pair and CSR.
- For your CA select 'Other'.
- Enter the two-letter country code for your country. You must use the correct ISO country
code, other abbreviations will not be recognized. For example the correct code for
the United Kingdom is GB, not UK.
- Enter the full name of your state or province. For UK based installations, use YourCounty,
e.g. Surrey.
- Enter the name of your city, town, or other locality.
- Enter the name of your organisation.
- Enter the name of your unit within the specified organisation.
- Enter your web site's fully-qualified name. For example www.company.com. This is also
known as your site's common name. Do not include the protocol, such as http:// or
ftp://.
- When you have finished entering the CSR data, genkey automatically creates the CSR.
Back up your key file and CSR on a floppy disk and store the disk in a secure location.
If you lose your private key or forget the password, you will not be able to install your
certificate.
Copyright © Trustis Limited 2010. All
Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust
Services