Generating a Certificate Signing Request (CSR) using RedHat Stronghold Web Server
Step 1: Generate a Private Key
Keys and certificates are managed through three scripts: genkey, getcert and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory$SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.
Note: If you already have a key for your server, you can directly proceed with Step 2.
- Run genkey, specifying the name of the host or virtual host: genkey
hostname. The genkey script displays the filenames and locations of
the key file and CSR file it will generate:
Key file: /usr/local/www/sslhostname.key
CSR file: /usr/local/www/sslhostname.cert
- Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
- When prompted, enter a key size in bits. It is recommended that you use a key size of 2048 or 4096.
- When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data is used to create a unique public and private key pair.
When prompted, enter y to create the key pair and follow the instructions in Step 2.
Step 2: Create your Certificate Signing Request
If you are using the genkey script, follow the instructions below, otherwise use genreq script to generate the CSR
- For your CA select Other.
- Enter the two-letter country code for your country. You must use the correct ISO country code, other abbreviations will not be recognized.
- Enter the full name of your state or province. Do not abbreviate.
- Enter the name of your city, town, or other locality.
- Enter the name of your organization.
- Enter the name of your unit within the specified organization.
- Enter your web site's fully qualified name. For example www.company.com. This is also known as your site's common name.
- When you have finished entering the CSR data, the script automatically creates the CSR.
During the order process, you will be asked to "Copy & Paste" the contents of CSR file into the CSR field on the order form.
For additional information, please visit http://www.redhat.com/docs/manuals/stronghold/.