Knowledgebase

Problem

Generate CSR for Covalent SSL

Resolution

NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

To generate a CSR in Covalent follow the instructions below:

1. Start the Covalent SSL Certificate and Key Management Tool in the /path/to/ssl1.6/bin directory.
   For the graphical interface, execute:  ./sslctl 
   For the text interface, execute:  ./sslctl --textmode
2. Select Generate Certificate and Key from the options that display.
   The main Generate Certificate and Key screen displays.
   To continue, select Next.
3. In the Server Name screen, enter the name of the server you want to certify. The name you enter is the basis for the key and certificate file names. After you enter the server name, select Next to continue.
4. In the Key Size screen, select the size of your private key. A key size of 1024 bits is recommended. After you define the size you want, select Next to continue:
5. The Pass Phrase screen displays. Enter and confirm the pass phrase for your private key, then select Next to continue:
6. In the Certificate Information screen, define the information for your certificate. This information identifies your organization and site.
• Common Name - The name of your Web server as it appears in the server's URL. This name must be identical to the fully-qualified domain name of the Web server.
• Organization Name - This organization must own the domain name that appears in the Common Name. Do not abbreviate.
• Organization Unit Name - Usually the name of the department or group using the certificate.
• Locality Name - Usually the name of the city of your organization's home office.
• State or Province Name - This is the name of the state or province of your organization's head office. Do not abbreviate.
• Country Name - The two-letter ISO abbreviation for your country.
• Email Address - The e-mail address of your technical contact person.
After you define the information, select Next to continue:
7. Covalent SSL uses random data to generate your key. This process may take some time:
8. After Covalent SSL generates the key, the Success screen displays.
   Select Finish to return to the main Covalent SSL Certificate and Key Management Tool screen, then select Exit:
9. Modify the Apache configuration file if necessary.
   

   If you are securing the main server and using the included httpsd.conf, the file is configured correctly by default. No modifications are necessary.
   If you are securing an additional virtual host, you must include two <VirtualHost> containers for the secure site in the configuration file:
   Include a virtual host for HTTP requests listening on port 80.
   Include an SSL virtual host for HTTPS requests listening on port 443. The HTTPS virtual host must use an IP-based address and should include the SSLCertificateFile and SSLCertificateKeyFile directives.