Problem
How to generate a csr for SSLeay
How do I generate a csr for SSLeay
Resolution
NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
For SSLeay Key and CSR Generation, perform the following steps:
More and more secure web servers and value-added cryptographic applications are using the SSLeay free cryptographic toolkit, which includes a variety of libraries and utilities to manage secure sockets and public key cryptography.
SSLeay can be found at ftp://psych.uq.edu.au/pub/Crypto/SSL/.
These servers by and large use the same key and certificate format, and generate Certificate Signing Requests (CSR's) that are compatible with the Thawte Certification System.
Examples are Sioux, Stronghold, ApacheSSL, Alibaba (which is linked against a very old version of SSLeay) and secure versions of WN.
In all of these servers you can use the following procedure to generate your CSR:
Locate ssleay
These instructions assume that SSLeay is installed, and that you have the executable ssleay in your PATH.
They also assume that you are using version 0.8.1 or later... ssleay version will tell you which version you are using.
Generate your key:<
ssleay genrsa -des3 1024 >www.myserver.com.key
This command sequence will generate a private key and store it in the file www.myserver.com.key. It will ask you for a pass phrase: use something secure and remember it.
Your certificate will be useless without the key.
If you don't want to protect your key with a pass phrase (only if you absolutely trust that server, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option.
Generate your CSR:
ssleay req -new -key www.myserver.com.key> www.myserver.com.csr
This command sequence will prompt you for the attributes of your certificate.
You will now have a private key in www.myserver.com.key and a CSR in www.myserver.com.csr.
Paste the CSR into our forms, and hold on to your key. You will need the key to operate your secure server when we issue your certificate.
Disclaimer:
Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.
