
Solution ID : SO2631

Generate a CSR for Raven SSL

Problem

Generate a CSR
Generate a private key

Solution

Note: In the interest of better security and the enablement of greater trust, we have decided that 2048-bit keys will now be the minimum strength used in the issuance of Thawte digital certificates.

 

These instructions were provided by Covalent, and at this stage Covalent will provide all technical support for Raven SSL. 

Please make sure that you back up the private key once it has been generated. Your certificate will not work without that private key.

For users of Raven 1.2, the certificate generation process is invoked with the following command typed at a shell prompt. 

# ./ravenctl -cert

 

The process first prompts for the name of the certificate. Enter the name of the server for which you are generating the certificate.

# ./ravenctl -cert

 

Name of the server you are issuing certificate for? -->

thawte.com

 

######################################
The key name chosen is example.covalent.net.key.
The certificate name is example.covalent.net.cert.
The key/certificate pairs will be stored in /usr/local/ssl.
######################################

You are about to generate a new key and key request. The key request will be sent to the email address of your choice and the keyfile will reside in /usr/local/ssl/private/thawte.com.key.

 

Number of bits in key (384 minimum, 2048 maximum)? -->  2048
Note: Choose the size of your key. Select 2048 bits.

Execution example:

Generating random data, using the truerand library developed by Matt Blaze, Jim Reeds, and Jack Lacy at AT&T. This may take some time.
Generating 2048 bits of randomness: ................................
Generating 2048 random bits based on measuring the time interval between your keystrokes.  Please enter random text on your keyboard.
Generating the key. This may also take some time. Be patient.
The passphrase you enter here is very important. Do not lose it.
640 semi-random bytes loaded.
Generating RSA private key ,512 bit long modulus
...+++++
....+++++
e is 65537 (0x10001)

 

Choose a secure pass phrase. You will need to remember it.

Enter PEM pass phrase: ...................
Verifying password - Enter PEM pass phrase: ...................
Key successfully generated.

You must respond below with "Y" to generate a signing request. 

Would you like to send a Certificate Request to a CA? [Y/n]: -->  y

A Thawte CSR does *not* require the following options. Answer "N". 

Does your CA need the ASN1-Kludge? (Thawte) [y/N]: -->  n


 

Generating certificate request. This process will also create a temporary certificate for testing until you receive the certificate from your CA.
Please enter the following information:

Using configuration from /usr/local/ssl/lib/ssleay.cnf

Note: The pass phrase entered here is the phrase that you chose above. 

Enter PEM pass phrase: ...................

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [US]: US
State or Province Name (full name) [State]: California
Locality Name (eg, city) [City]: Mountain View
Organization Name (eg, company) [Organization]: Thawte
Organizational Unit Name (eg, section) [Division]: IT

It is important that your Common Name matches the name that the server will identify itself as when serving requests. Enter that server name below. For example, if you will be pointing people at https://www.domain.com/ then your server name would be www.domain.com. If your server has a real name ("myserver") and an alias ("secure" or "www") and you will be pointing people at the alias, then make sure you give the alias here, otherwise the browser will claim that the site name does not match the certificate.

Note: It is also important that you give your State name, City name and two-letter UPPER CASE country code. The Organizational Unit field is optional.
 

Common Name (eg, YOUR name) [www.servername.com]: www.domain.com
Email Address [webmaster@servername.com]: webmaster@example.com
Using configuration from /usr/local/ssl/lib/ssleay.cnf
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=California, L=Mountain View, O=Thawte,
OU=IT, CN=www.domain.com/Email=webmaster@example.com

Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (512 bit)
        Modulus (512 bit):
            00:c0:34:7e:a5:02:f7:35:8e:42:7b:ce:69:e9:31:
            c0:4e:fd:d2:a7:6e:2f:ee:0b:09:84:00:b5:dc:49:
            3c:36:0b:82:74:7b:c8:65:3b:c4:85:b1:f8:71:86:
            78:71:39:7c:03:16:c0:2b:50:d4:f1:dd:2a:f2:ce:
            f3:68:35:d7:43
        Exponent: 65537 (0x10001)

Signature Algorithm: md5WithRSAEncryption
40:26:58:76:fe:a5:69:ab:fe:fd:f6:6e:0d:3b:f8:79:06:7e:
96:e3:1f:e0:44:12:c1:51:c6:58:f8:38:85:92:67:4e:99:ba:
3e:55:42:94:31:94:50:ba:96:19:4e:31:4a:d4:39:d6:91:12:
10:64:20:38:9c:df:df:ea:c8:72

Webmaster email: webmaster@example.com

Webmaster phone: +1.000000000
Note: Not required

 

Send CSR to your e-mail:

Mailing the CSR to your personal email account will allow you to easily cut and paste the request into the Thawte submission form. Please enter that address below. 

Send CSR via Email to? -->  yourmail@example.com
Certificate request sent to yourmail@example.com
Creating a self-signed certificate for use until your chosen CA delivers your signed certificate.
Using configuration from /usr/local/ssl/lib/ssleay.cnf
The pass phrase entered here is the phrase that you chose above. 
Enter PEM pass phrase: ...................

CSR generation process is complete. Check your email to obtain the CSR. Cut and paste this request into the Thawte request forms. 

Note: It is recommended that you back up the contents of /usr/local/ssl/private so that you are sure you have backup copies of your private key.
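
Before pasting the request into the Thawte form, the decoded request can be checked against the 2048-bit minimum and the Common Name requirement described above. The script below is an added example, not part of the Covalent instructions; it assumes an OpenSSL command-line tool is available to decode the saved request, and the function names and the file name request.csr are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the Covalent/Thawte instructions).
# Checks decoded CSR text, as printed by `openssl req -noout -text`,
# against the 2048-bit minimum and the expected Common Name.

MIN_BITS=2048

# Key size: matches "RSA Public Key: (512 bit)" (layout shown on this page)
# and "Public-Key: (2048 bit)" (layout of current OpenSSL releases).
csr_key_bits() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Common Name: handles "CN=host/Email=..." and "CN = host, emailAddress = ...".
csr_common_name() {
    sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' | head -n 1
}

# csr_check EXPECTED_HOST < decoded-text ; returns 0 only if both checks pass.
csr_check() {
    text=$(cat)
    bits=$(printf '%s\n' "$text" | csr_key_bits)
    cn=$(printf '%s\n' "$text" | csr_common_name)
    rc=0
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: key size '${bits:-unknown}' is below $MIN_BITS bits"
        rc=1
    fi
    if [ "$cn" != "$1" ]; then
        echo "FAIL: Common Name '$cn' does not match '$1'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $bits-bit key, CN=$cn"
    return "$rc"
}

# Constructed sample: the relevant lines of the request decoded on this page.
sample_decoded_csr() {
    cat <<'EOF'
Subject: C=US, ST=California, L=Mountain View, O=Thawte,
OU=IT, CN=www.domain.com/Email=webmaster@example.com
    RSA Public Key: (512 bit)
Signature Algorithm: md5WithRSAEncryption
EOF
}

# Usage with a real request (file name is a placeholder):
#   openssl req -noout -text -in request.csr | csr_check www.domain.com
sample_decoded_csr | csr_check www.domain.com || echo "do not submit this request"
```

Run against the sample lines, the check fails on key size, because the decoded request shown in the execution example carries a 512-bit key rather than the 2048 bits selected at the prompt.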