Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates.
These instructions were provided by Covalent, and at this stage Covalent will provide all technical support for Raven SSL.
Please make sure that you are especially careful to backup the private key once it has been generated. Your certificate will not work without that private key.
For users of Raven 1.2, the certificate generation process is invoked with the following command typed at a shell prompt.
# ./ravenctl -cert
The process first prompts for the name of the certificate. Please enter the server name you wish to generate for.
# ./ravenctl -cert
Name of the server you are issuing certificate for? -->
You are about to generate a new key and key request. The key request
will be sent to the email address of your choice and the keyfile will
reside in /usr/local/ssl/private/example.covalent.net.key.
Choose the size of your key. Smaller key sizes provide faster server
response but will provide diminished security. Keys sizes less than
512 bits are easily cracked. For high security applications you will
probably want a key sized not less than 1024 bits.
The process first prompts for the name of the certificate. Input your choice of key size at the prompt.
# ./ravenctl -cert
Number of bits in key (384 minimum, 1024 maximum)? --> 512
Generating random data, using the truerand library developed by
Matt Blaze, Jim Reeds, and Jack Lacy at AT&T. This may take some time.
Generating 1024 bits of randomness: ................................
Generating 1024 random bits based on measuring the time interval
between your keystrokes. Please enter random text on your keyboard.
Generating the key. This may also take some time. Be patient.
The passphrase you enter here is very important. Do not lose it.
640 semi-random bytes loaded
Generating RSA private key ,512 bit long modulus
...+++++
....+++++
e is 65537 (0x10001)
Choose a pass phrase that is secure. Don't forget this password.
Enter PEM pass phrase: ...................
Verifying password - Enter PEM pass phrase: ...................
Key successfully generated.
You must respond below with "Y" to generate a signing request.
# ./ravenctl -cert
Would you like to send a Certificate Request to a CA? [Y/n]: --> y
A Thawte CSR does *not* require the following options. Answer "N".
Does your CA need the ASN1-Kludge? (VeriSign) [y/N]: --> n
Generating certificate request. This process will also create a temporary certificate for testing until you receive the certificate from your CA. Please enter the following information:
Using configuration from /usr/local/ssl/lib/ssleay.cnf
The pass phrase entered here is the phrase that you chose above.
Enter PEM pass phrase: ...................
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]: US
State or Province Name (full name) [State]: Nebraska
Locality Name (eg, city) [City]: Lincoln
Organization Name (eg, company) [Organization]: Covalent Technologies,Inc.
Organizational Unit Name (eg, section) [Division]: Secure Services
It is important that your Common Name matches the name that the server will identify itself as when serving requests. Enter that server name below. For example, if you will be pointing people at https://www.bob.com/ then your server name would be www.bob.com. If your server has a real name ("adonis") and an alias ("secure" or "www") and you will be pointing people at the alias, then make sure you give the alias here, otherwise the browser will claim that the site name does not match the certificate. It is also important that you give your State name, City name and two-letter UPPER CASE country code. The Organizational Unit field is optional.
Common Name (eg, YOUR name) [www.servername.com]: example.covalent.net
Mailing the CSR to your personal email account will allow you to easily cut and paste the request into the Thawte submission form. Please enter that address below.
Send CSR via Email to? --> yourmail@covalent.net
Certificate request sent to yourmail@covalent.net.
Creating a self-signed certificate for use until your chosen CA delivers your signed certificate.
Using configuration from /usr/local/ssl/lib/ssleay.cnf
The pass phrase entered here is the phrase that you chose above.
Enter PEM pass phrase: ...................
The following questions should match the information previously provided above.
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]: US
State or Province Name (full name) [State]: Nebraska
Locality Name (eg, city) []:Lincoln
Organization Name (eg, company) [Organization]: Covalent Technologies Inc.
Organizational Unit Name (eg, section) [Division]: Secure Services
Common Name (eg, YOUR name) [www.servername.com]: example.covalent.net