C2Net Stronghold CSR Generation Instructions

C2Net Stronghold Server
(CSR Generation Procedures)

Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory: $SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.

What your CSR will look like when your finished.

When sending your CSR to EBIZID, you MUST copy and paste the entire CSR Request, including the beginning and ending lines as shown below.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Failure to do so will result in you having to resend your CSR in the correct format to EBIZID which will cause a prolonged delay in processing your order.

To generate a key pair and CSR for your server:

Step One: Run genkey, specifying the name of the host or virtual host: genkey hostname.
The genkey script displays the filenames and locations of the key file and CSR file it will generate: key file: /usr/local/www/sslhostname.key CSR file: /usr/local/www/sslhostname.cert

If you already have a key for your server, run genreq [servername] to generate only the CSR.

Step Two: Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.

When prompted, enter a key size. EBIZID recommends using a 1024 key size.

When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data is used to create a unique public and private key pair.

When prompted, enter Y to create the key pair and CSR.

Enter the two-letter country code for your country. You must use the correct ISO country code, other abbreviations will not be recognized. For example, the correct code for United States is US.

Enter the full name of your state or territory. Do not abbreviate.

Enter the name of your city, town, or other locality.

Enter the name of your organization. This is the full legal name of the organization applying for the server certificate.

Enter the name of your unit within the specified organization. This is usually the group/department the certificate is for.

Enter your web site's fully-qualified name. For example, www.yourdomain.com. This is known as your site's Common Name.

If you are ordering a Wildcard Certificate, the Common Name field must be in the format of: * . yourdomain . com

Step Three: Back up your key file and CSR to a secure location.

Backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR). EBIZID will reissue certificates no more than 30 days from the time of purchase. If you do not backup your key and your server fails or other problems occur after the 30 days, you will then be required to purchase a new certificate. An ounce of prevention is all that is required to prevent this from happening.

Private Key Password: If you don't not specify a password, you will get an unencyrpted RSA private key. If you specify a password, you will get a PKCS-8 encrypted private key. When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped Keys field on the SSL tab of the Server window in the Administration Console.

Should you choose to enter and use a Private Key password, you will need to make sure that you save that password in a secure place. If you ever need to reinstall your certificate for any reason, you will be required to enter that password. If you forget the password and it is past 30 days from your purchase date, then you will be required to purchase a new certificate. An ounce of prevention will prevent this from happening.