Description
To generate a CSR, you will need to create a key pair for your server.
Generate a Key Pair
NOTE: A key length of 1024 bits is the default, but Geotrust recommends the use of a 2048-bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048-bit key length must be selected.
Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory $SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.
To generate a key pair and CSR for your server:
- Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey script displays the filenames and locations of the key file and CSR file it will generate:
Key file: /usr/local/www/sslhostname.key
CSR file: /usr/local/www/sslhostname.cert
Note: If you already have a key for your server, run genreq [servername] to generate only the CSR.
- Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
- When prompted, enter a key size in bits. We recommend using the largest key size available: 2048 bits.
- When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data is used to create a unique public and private key pair.
- When prompted, enter y to create the key pair and CSR.
- Select Geotrust as your CA.
- Enter all of the information requested and press Enter. Back up your key file and CSR on a floppy disk and store the disk in a secure location. If you lose your private key or forget the password, you will not be able to install your Secure Server ID and will need to request and purchase a new one from Geotrust.
You have just created a key pair and a CSR.
- To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
- Copy and paste the CSR into the enrollment pages on the Geotrust website.
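Before pasting, the two requirements stated above (a key of at least 2048 bits, and CSR text with no extra characters) can be checked offline. The following is an added example, not part of the Stronghold scripts or Geotrust tooling; check_csr and sample_csr are names chosen for this example, and the sample requests are constructed (synthetic modulus, zeroed signature), not real CSRs.

```python
import base64, re
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
PEM = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----\n"
                 r"([A-Za-z0-9+/=\n]+)-----END (?:NEW )?CERTIFICATE REQUEST-----\n?")

def tlv(buf, pos):
    """Decode one DER element at pos: (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def kids(buf, start, end):
    """Elements directly inside a constructed value."""
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def check_csr(text, min_bits=2048):
    """Problems found in a pasted CSR; an empty list means it is fine."""
    m = PEM.fullmatch(text.replace("\r\n", "\n"))  # CRLF line ends are tolerated
    if not m:
        return ["not exactly one PEM certificate request block"]
    der = base64.b64decode(m.group(1))
    _, s, e = tlv(der, 0)              # CertificationRequest
    _, s, e = kids(der, s, e)[0]       # CertificationRequestInfo
    _, s, e = kids(der, s, e)[2]       # subjectPKInfo
    alg, key = kids(der, s, e)         # AlgorithmIdentifier, BIT STRING
    oid = kids(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return ["public key is not RSA"]
    _, s, e = tlv(der, key[1] + 1)     # RSAPublicKey, after the unused-bits byte
    _, s, e = kids(der, s, e)[0]       # modulus INTEGER
    bits = int.from_bytes(der[s:e], "big").bit_length()
    return [] if bits >= min_bits else [f"{bits}-bit key is below {min_bits}"]

def enc(tag, body):  # DER-encode one element; used only to build the sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + body

def sample_csr(bits):  # constructed sample: synthetic modulus, zeroed signature
    mod = b"\0" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = enc(0x30, enc(0x02, mod) + enc(0x02, b"\x01\x00\x01"))
    alg = enc(0x30, enc(0x06, RSA_OID) + enc(0x05, b""))
    info = enc(0x30, enc(0x02, b"\0") + enc(0x30, b"") + enc(0x30, alg + enc(0x03, b"\0" + rsa)) + enc(0xA0, b""))
    der = enc(0x30, info + alg + enc(0x03, bytes(9)))
    return "-----BEGIN CERTIFICATE REQUEST-----\n%s-----END CERTIFICATE REQUEST-----\n" % base64.encodebytes(der).decode()
```

To check a real request, pass the contents of the CSR file to check_csr; a byte-order mark, stray text or a second block outside the BEGIN/END lines is reported as a problem.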