C2Net Stronghold - Generate CSR
A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example *.sslcertificaten.nl (instead of www.sslcertificates.nl).
Certificates are managed in Stronghold using three commands: genkey, getca and genreq. The certificates are normally stored in /usr/local/ssl/private/.
Creating a Private Key
If there is no private key yet, it should first be created. Please enter the hostname of the server after the genkey-command. In this example we will use www.sslcertificaten.nl:
[root@server]# genkey www.sslcertificaten.nl
Two files will be generated, after which both the file names and location are shown. The standard values for this output are:
Creating a CSR
1. Use the following command to create the CSR:
[root@server]# genreq www.sslcertificaten.nl
Note: replace www.sslcertificaten.nl with the domain name of the certificate being requested.
2. The script will ask to confirm in order to prevent a new key overwriting an older Private Key or CSR.
3. Provide the key size in bits; preferably 2048.
4. Press random keys on the keyboard until the counter hits zero. This random input will be used to generate an unpredictable Key Pair.
5. When asked, press y to continue.
6. Provide the requested organization details LINK.
Note: at CA, choose Other.
The genkey script will now automatically create the CSR.
To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.