C2Net Stronghold - Generate CSR

A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example *.sslcertificaten.nl (instead of www.sslcertificates.nl).

Certificates are managed in Stronghold using three commands: genkey, getca and genreq. The certificates are normally stored in /usr/local/ssl/private/.

Creating a Private Key

If there is no private key yet, it should first be created. Please enter the hostname of the server after the genkey-command. In this example we will use www.sslcertificaten.nl:

[root@server]# genkey www.sslcertificaten.nl

Two files will be generated, after which both the file names and location are shown. The standard values for this output are:

Key file: /usr/local/www/www.sslcertificaten.nl.key

CSR file: /usr/local/www/www.sslcertificaten.nl.cert

Creating a CSR

1. Use the following command to create the CSR:

[root@server]# genreq www.sslcertificaten.nl

Note: replace www.sslcertificaten.nl with the domain name of the certificate being requested.

2. The script will ask to confirm in order to prevent a new key overwriting an older Private Key or CSR.

3. Provide the key size in bits; preferably 2048.

4. Press random keys on the keyboard until the counter hits zero. This random input will be used to generate an unpredictable Key Pair.

5. When asked, press y to continue.

6. Provide the requested organization details LINK.
Note: at CA, choose Other.
The genkey script will now automatically create the CSR.

To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.

Order certficate


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues