How do I generate a SSL Certificate for C2Net Stronghold ?
You can create a Certificate Signing request in C2Net Stronghold with either a GUI (graphical user interface) or Command Line access.
Please select which instructions you require:
- Enter the Stronghold Configuration Manager.
- Select New Key Generation to create a new key file.
- Enter key size (2048 bits) and follow instructions for generating the random data.
- When creating a CSR you must follow these conventions.
The following characters cannot be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?. &
- The key pair will be generated and saved in the file: strongholdserverroot/private/hostname.key.
- Edit this file to extract the CSR data to send to us. This is the text beginning with “-----BEGIN NEW CERTIFICATE REQUEST-----” up to and including the text “-----END NEW CERTIFICATE REQUEST-----”.
- You should now have a CSR, which you can use to request an SSL certificate.
- Certificates and keys are managed with three scripts in Stronghold: genkey, getca and genreq. They are typically stored in /usr/local/ssl/private/.
- If you do not already have a key for your server, at the prompt, run genkey and the name of the host for which you are generating the CSR (i.e. ‘genkey yourserver’). This will show two filenames – the key file and CSR file – and display their respective locations.
- If you do already have a key for your server, at the prompt, run genreq, not genkey, to create the CSR only.
- The script will prompt you to be certain you aren't overwriting a previous certificate request and key.
- You will be prompted for the key size in bits – use the highest available (2048).
- When prompted, hit keys randomly. When the script beeps and the counter shows zero, stop. (This random data is used to create a unique public and private key pair.)
- When asked, enter ‘y’ to proceed. You will be prompted for specific information about your company, your server and your Certified Authority. (For your CA, select the option ‘Other&8217;.)
- The genkey script will create the CSR automatically. It is highly recommended that you back up your key file and CSR and keep them some place secure. The key is required to install your certificate.
- Copy the entire contents of the CSR, including;
-----BEGIN CERTIFICATE REQUEST----- and-----END CERTIFICATE REQUEST-----