To generate a CSR, you will need to create a key pair for your server.
Generate a Key Pair
Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory $SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.
To generate a key pair and CSR for your server:
- Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey script displays the filenames and locations of the key file and CSR file it will generate:
Key file: /usr/local/www/sslhostname.key CSR file: /usr/local/www/sslhostname.cert Note: If you already have a key for your server, run genreq [servername] to generate only the CSR.
- Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
- When prompted, enter a key size in bits. We recommend using the largest key size available: 1024 bits.
- When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data to create a unique public and private key pair.
- When prompted, enter y to create the key pair and CSR.
- Select Geotrust as your CA.
- Enter all of the information requested and press Enter. Back up your key file and CSR on a floppy disk and store the disk in a secure location. If you lose your private key or forget the password, you will not be able to install your Secure Server ID and will need to request and purchase a new one from Geotrust.
- You have just created a key pair and a CSR. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
- Copy and past the CSR into the enrollment pages on the Global Digital website
|