Raven SSL

Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates. These instructions were provided by Covalent, and at this stage Covalent will provide all technical support for Raven SSL. Please make sure that you are especially careful to backup the private key once it has been generated. Your certificate will not work without that private key. For users of Raven 1.2, the certificate generation process is invoked with the following command typed at a shell prompt. # ./ravenctl -cert The process first prompts for the name of the certificate. Please enter the server name you wish to generate for. # ./ravenctl -cert Name of the server you are issuing certificate for? --> example.covalent.net ###################################################################### The key name chosen is example.covalent.net.key. The certificate name is example.covalent.net.cert. The key/certificate pairs will be stored in /usr/local/ssl. ###################################################################### You are about to generate a new key and key request. The key request will be sent to the email address of your choice and the keyfile will reside in /usr/local/ssl/private/example.covalent.net.key. Choose the size of your key. Smaller key sizes provide faster server response but will provide diminished security. Keys sizes less than 512 bits are easily cracked. For high security applications you will probably want a key sized not less than 1024 bits. The process first prompts for the name of the certificate. Input your choice of key size at the prompt. # ./ravenctl -cert Number of bits in key (384 minimum, 1024 maximum)? --> 512 Generating random data, using the truerand library developed by Matt Blaze, Jim Reeds, and Jack Lacy at AT&T. This may take some time. Generating 1024 bits of randomness: ................................ Generating 1024 random bits based on measuring the time interval between your keystrokes. Please enter random text on your keyboard. Generating the key. This may also take some time. Be patient. The passphrase you enter here is very important. Do not lose it. 640 semi-random bytes loaded Generating RSA private key ,512 bit long modulus ...+++++ ....+++++ e is 65537 (0x10001) Choose a pass phrase that is secure. Don't forget this password. Enter PEM pass phrase: ................... Verifying password - Enter PEM pass phrase: ................... Key successfully generated. You must respond below with "Y" to generate a signing request. # ./ravenctl -cert Would you like to send a Certificate Request to a CA? [Y/n]: --> y A Thawte CSR does *not* require the following options. Answer "N". Does your CA need the ASN1-Kludge? (VeriSign) [y/N]: --> n Generating certificate request. This process will also create a temporary certificate for testing until you receive the certificate from your CA. Please enter the following information: Using configuration from /usr/local/ssl/lib/ssleay.cnf The pass phrase entered here is the phrase that you chose above. Enter PEM pass phrase: ................... You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: US State or Province Name (full name) [State]: Nebraska Locality Name (eg, city) [City]: Lincoln Organization Name (eg, company) [Organization]: Covalent Technologies,Inc. Organizational Unit Name (eg, section) [Division]: Secure Services It is important that your Common Name matches the name that the server will identify itself as when serving requests. Enter that server name below. For example, if you will be pointing people at https://www.bob.com/ then your server name would be www.bob.com. If your server has a real name ("adonis") and an alias ("secure" or "www") and you will be pointing people at the alias, then make sure you give the alias here, otherwise the browser will claim that the site name does not match the certificate. It is also important that you give your State name, City name and two-letter UPPER CASE country code. The Organizational Unit field is optional. Common Name (eg, YOUR name) [www.servername.com]: example.covalent.net Email Address [webmaster@servername.com]: webmaster@covalent.net Using configuration from /usr/local/ssl/lib/ssleay.cnf Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=Nebraska, L=Lincoln, O=Covalent Tecnologies Inc., OU=Secure Services, CN=example.covalent.net/Email=webmaster@covalent.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00:c0:34:7e:a5:02:f7:35:8e:42:7b:ce:69:e9:31: c0:4e:fd:d2:a7:6e:2f:ee:0b:09:84:00:b5:dc:49: 3c:36:0b:82:74:7b:c8:65:3b:c4:85:b1:f8:71:86: 78:71:39:7c:03:16:c0:2b:50:d4:f1:dd:2a:f2:ce: f3:68:35:d7:43 Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 40:26:58:76:fe:a5:69:ab:fe:fd:f6:6e:0d:3b:f8:79:06:7e: 96:e3:1f:e0:44:12:c1:51:c6:58:f8:38:85:92:67:4e:99:ba: 3e:55:42:94:31:94:50:ba:96:19:4e:31:4a:d4:39:d6:91:12: 10:64:20:38:9c:df:df:ea:c8:72 Webmaster email: webmaster@covalent.net Webmaster phone: +1.402.441.5710 Mailing the CSR to your personal email account will allow you to easily cut and paste the request into the Thawte submission form. Please enter that address below. Send CSR via Email to? --> yourmail@covalent.net Certificate request sent to yourmail@covalent.net. Creating a self-signed certificate for use until your chosen CA delivers your signed certificate. Using configuration from /usr/local/ssl/lib/ssleay.cnf The pass phrase entered here is the phrase that you chose above. Enter PEM pass phrase: ................... The following questions should match the information previously provided above. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: US State or Province Name (full name) [State]: Nebraska Locality Name (eg, city) []:Lincoln Organization Name (eg, company) [Organization]: Covalent Technologies Inc. Organizational Unit Name (eg, section) [Division]: Secure Services Common Name (eg, YOUR name) [www.servername.com]: example.covalent.net Email Address [webmaster@servername.com]: webmaster@covalent.net Key and certificate have been successfully installed. CSR generation process is complete. Check your email to obtain the CSR. Cut and paste this request into the Thawte request forms. Again, please backup the contents of /usr/local/ssl/private so that you are sure you have backup copies of your private key.