1. Enter the Stronghold Configuration Manager.
2. Select New Key Generation to create a new key file.
3. Enter key size (either 512 or 1024 bits) and follow instructions for generating the random data. 1024 bits is the recommended key size.
**** Note: The encryption key size (512 bit, 1024 bit) has nothing to do with the actual session key (128 bit, 40 bit)
4. When creating a CSR you must follow these conventions.
Enter the Distinguished Name Field information.
The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?. &
5. Thekey pair will be generated and saved in the file: strongholdserverroot/private/hostname.key.
6. Edit this file to extract the CSR data to send to us. This is the text beginning with "-----BEGIN NEW CERTIFICATE REQUEST-----" up to and including the text "-----END NEW CERTIFICATE REQUEST-----".
7. Submit the CSR by pasting it from the file above. You will be asked to complete the agreement and the enrollment form as well.
1. Certificates and keys are managed with three scripts in Stronghold: genkey, getca and genreq. They are typically stored in /usr/local/ssl/private/.
2. If you do not already have a key for your server, at the prompt, run genkey and the name of the host for which you are generating the CSR (i.e., ' genkey yourserver'). This will show two filenames - the key file and CSR file - and display their respective locations.
3. If you do already have a key for your server, at the prompt, run genreq, not genkey, to create the CSR only.
4. The script will prompt you to be certain you aren't overwriting a previous certificate request and key.
5. You will be prompted for the key size in bits - use the highest available (1024).
6. When prompted, hit keys randomly. When the script beeps and the counter shows zero, stop. (This random data is used to create a unique public and private key pair.)
7. When asked, enter 'y' to proceed. You will be prompted for specific information about your company, your server and your Certified Authority. (For your CA, select the option 'Other'.)
8. The genkey script will create the CSR automatically. It is highly recommended that you back up your key file and CSR and keep them some place secure. The key is required to install your certificate.
9. Copy the entire contents of the CSR, insuring to include
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----