Stronghold

Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates. Stronghold Key and CSR Generation Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory $SSLTOP/private/, where SSLTOP is usually /usr/local/ssl. If you don't yet have a key for your server: Type genkey servername to create a key called servername.key in the ssl/private directory. This script will also generate a CSR: follow the instructions given there and choose Thawte as your CA. When you are done, make sure you have a backup of the entire ssl/private directory of your Stronghold installation. Your certificate will not work if you lose the private key you just generated. If you already have a key for your server: Type genreq servername to generate only a CSR. Again, choose Thawte as your CA and follow the instructions to get the CSR for pasting into our online request form. Once you have been issued with a certificate, you should use the getca servername < certfile command to install the certificate.