SSLeay-based Servers

Generate a CSR for SSLeay Solution ID: vs27699 Answer: Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates. SSLeay Key and CSR Generation More and more secure web servers and value-added cryptographic applications are using the SSLeay free cryptographic toolkit, which includes a variety of libraries and utilities to manage secure sockets and public key cryptography. SSLeay can be found at ftp://psych.uq.edu.au/pub/Crypto/SSL/. These servers by and large use the same key and certificate format, and generate Certificate Signing Requests (CSR's) that are compatible with the Thawte Certification System. Examples are Sioux, Stronghold, ApacheSSL, Alibaba (which is linked against a very old version of SSLeay) and secure versions of WN. In all of these servers you can use the following procedure to generate your CSR: Locate ssleay These instructions assume that SSLeay is installed, and that you have the executable ssleay in your PATH. They also assume that you are using version 0.8.1 or later... ssleay version will tell you which version you are using. Generate your key: ssleay genrsa -des3 1024 > www.myserver.com.key This command sequence will generate a private key and store it in the file www.myserver.com.key. It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key with a pass phrase (only if you absolutely trust that server, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option. Generate your CSR: ssleay req -new -key www.myserver.com.key> www.myserver.com.csr This command sequence will prompt you for the attributes of your certificate. You will now have a private key in www.myserver.com.key and a CSR in www.myserver.com.csr. Paste the CSR into our forms, and hold on to your key. You will need the key to operate your secure server when we issue your certificate.