GENERATE A CERTIFICATE SIGNING REQUEST (CSR) FOR ROXEN

Problem

How to generate a csr for Roxen

How do I generate a csr for Roxen

Resolution

For Roxen Challenger Key and CSR Generation, perform the following steps:

NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

Versions 1.0, 1.1 and 1.1.1 of the Roxen Challenger web server use the free SSLeay library for secure web browsing. We also use the tools distributed with SSLeay for managing keys and certificates.

Instructions:

  1. First, install SSLeay, version 0.6.4 or later. (Make sure that the ssleay program is in your PATH. It is usually installed in /usr/local/ssl/bin).

    You probably want to set your umask to 077, and perhaps also log in as root, to ensure that no one else can read any of the files created below.

    To generate a new random RSA key pair, it is recommended that you first find some large relatively random files. If you are lucky, your system has a random device, and you can create such a file (named randomness) with dd if=/dev/random of=randomness bs=500 count=1. If not, log files and current process status, compressed and encrypted with a random password will do, depending on how paranoid you are. You should destroy these files when you are done.

    Then type ssleay genrsa -rand randomness 1024 >my_key.rsa. This generates your private key, which must be kept secret. Note that we do not protect it with a password, as Roxen needs to read it, and there is usually no one there to type in the password each time you start it.

  2. The next step is to create a Certificate Signing Request (CSR).

    First you will have to enter the components of your distinguished name (X.509). When you are asked about your Common Name, you should enter your domain name or a wild card, for example www.infovav.se or *.infovav.se.

    When you have all that information ready, type ssleay req -new -key my_key.rsa >my_csr.csr and fill in the information.

    Of the resulting files, send my_csr.csr to Thawte, and keep your secret key my_key.rsa some place safe and secret. 

For instructions on how to install the certificate, go to the following solution: SO2651

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Related Articles

CREATE A CERTIFICATE SIGNING REQUEST (CSR) FOR O'REILLY WEBSITE PROFESSIONAL SERVER

Problem How to Generate a csr for an O'Reilly WebSite Professional Server How do I generate a...

 CREATE A CERTIFICATE SIGNING REQUEST (CSR) FOR O'REILLY WEBSITE PROFESSIONAL SERVER

Problem How to Generate a csr for an O'Reilly WebSite Professional Server How do I generate a...

 GENERATE A CERTIFICATE SIGNING REQUEST (CSR) FOR BEA WEBLOGIC SERVER 5

Resolution To generate a CSR for BEA Weblogic Server 5.0 follow the instructions below: Start...

 GENERATE A CERTIFICATE SIGNING REQUEST (CSR) FOR IBM HTTP SERVER

Problem How to generate a csr for IBM HTTP Server How do I generate a csr for IBM HTTP Server...

 GENERATE A CERTIFICATE SIGNING REQUEST (CSR) FOR JETTY JAVA HTTP SERVLET WEB SERVER

Resolution NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a...