To generate a CSR, you will need to create a key pair for your server.

Generate a Key Pair

NOTE: A key length of 1024 bit is the default, but Geotrust recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

Stronghold keys and certificates are managed through three scripts: genkey, getca and genreq. These are part of the normal Stronghold distribution. Keys and certificates are stored in the directory $SSLTOP/private/, where SSLTOP is typically /usr/local/ssl.

To generate a key pair and CSR for your server:

    1. Run genkey, specifying the name of the host or virtual host: genkey hostname. The genkey script displays the filenames and locations of the key file and CSR file it will generate:

      Key file: /usr/local/www/sslhostname.key
      CSR file: /usr/local/www/sslhostname.cert


      If you already have a key for your server, run genreq [servername] to generate only the CSR.


    1. Press Enter. The genkey script reminds you to be sure you are not overwriting an existing key pair and certificate.
    2. When prompted, enter a key size in bits. We recommend using the largest key size available: 2048 bits.
    3. When prompted, enter random key strokes. Stop when the counter reaches zero and genkey beeps. This random data to create a unique public and private key pair.
    4. When prompted, enter y to create the key pair and CSR.
    5. Select Geotrust as your CA.
    6. Enter all of the information requested and press Enter. Back up your key file and CSR on a floppy disk and store the disk in a secure location. If you lose your private key or forget the password, you will not be able to install your Secure Server ID and will need to request and purchase a new one from Geotrust.

You have just created a key pair and a CSR.

  1. To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
  2. Copy and past the CSR into the enrollment pages on the Geotrust website