Problem
Generate a CSR
Generate a private key
Resolution
Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of Thawte digital certificates.
Stronghold Key and CSR Generation
Stronghold keys and certificates are managed through three scripts:
genkey, getca and genreq.
These are part of the normal Stronghold distribution.
Keys and certificates are stored in the directory $SSLTOP/private/, where SSLTOP is usually /usr/local/ssl.
If you don't yet have a key for your server:
Type genkey servername to create a key called servername.key in the ssl/private directory. This script will also generate a CSR: follow the instructions given there and choose Thawte as your CA. When you are done, make sure you have a backup of the entire ssl/private directory of your Stronghold installation. Your certificate will not work if you lose the private key you just generated.
If you already have a key for your server:
Type genreq servername to generate only a CSR.
Again, choose Thawte as your CA and follow the instructions to get the CSR for pasting into our online request form.
Once you have been issued with a certificate, you should use the getca servername < certfile command to install the certificate.
