C2Net Stronghold Server SSL Certificate CSR Creation

SSL Certificate CSR Generation in C2Net Stronghold Server

  1. Certificates and keys are managed with three scripts in Stronghold: genkey, getca and genreq. They are typically stored in /usr/local/ssl/private/.

    If you do not already have a key for your server,

    At the prompt, run genkey and the name of the host for which you are generating the CSR (i.e., 'genkey yourserver'). This will show two filenames - the key file and CSR file - and display their respective locations.

    If you do already have a key for your server,

    At the prompt, run genreq, not genkey, to create the CSR only.

    The script will prompt you to be certain you aren't overwriting a previous certificate request and key.

    You will be prompted for the key size in bits - use the highest available (perferably 2048).

    Then the fun part - when prompted, hit keys randomly. When the script beeps and the counter shows zero, stop. (This random data is used to create a unique public and private key pair.)

    When asked, enter 'y' to proceed. You will be prompted for specific information about your company, your server and your Certified Authority.

    (For your CA, select the option 'Other'.)

    The genkey script will create the CSR automatically. It is highly recommended that you back up your key file and CSR and keep them some place secure.The key is required to install your certificate.

  2. Open the CSR file, and copy and paste its contents (including the BEGIN and END tags) into the E-Tugra online web page.