CSR Generation Instruction - Roxen

An Important Note Before You Start

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

Roxen Challenger Key and CSR Generation

Versions 1.0, 1.1 and 1.1.1 of the Roxen Challenger web server use the free SSLeay library for secure web browsing. We also use the tools distributed with SSLeay for managing keys and certificates.


First, you have to install SSLeay, version 0.6.4 or later, and make sure that the ssleay program is in your PATH. It is usually installed in /usr/local/ssl/bin.

You probably want to set your umask to 077, and perhaps also log in as root, to ensure that no one else can read any of the files created below.

To generate a new random RSA key pair, it is recommended that you first find some large, relatively random files. If you are lucky, your system has a random device, and you can create such a file (named randomness) with dd if=/dev/random of=randomness bs=500 count=1. If not, log files and current process status, compressed and encrypted with a random password will do, depending on how paranoid you are. You should destroy these files when you are done.

Then type ssleay genrsa -rand randomness 1024 >my_key.rsa. This generates your private key, which must be kept secret. Note that we do not protect it with a password, as Roxen needs to read it, and there is usually no one there to type in the password each time you start it.

The next step is to create a Certificate Signing Request (CSR). First you will have to enter the components of your distinguished name (X.509). When you are asked about your Common Name, you should enter your domain name or a wildcard, for example www.infovav.se or *.infovav.se. When you have all that information ready, type ssleay req -new -key my_key.rsa >my_csr.csr and fill in the information.

Of the resulting files, send my_csr.csr to Thawte, and keep your secret key my_key.rsa some place safe and secret.
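
The steps above as a script, followed by the checks worth running before the CSR is submitted. This is an added example, not part of the original instructions: it uses openssl (the successor to SSLeay), and the subject values, the function names and the 2048-bit default are assumptions. Current CA baseline requirements do not accept RSA keys smaller than 2048 bits, so the key size is a parameter.

```shell
#!/bin/sh
# Added example, not from the original page. Uses openssl (SSLeay's successor).
# File names follow the page; the DN values, the 2048-bit default and the
# function names are assumptions made for this example.

make_key_and_csr() {    # usage: make_key_and_csr <dir> <common-name> [bits]
    dir=$1; cn=$2; bits=${3:-2048}
    (
        umask 077       # key and CSR readable by the owner only
        cd "$dir" || exit 1
        # Unencrypted key, as on the page, so the server can start unattended.
        openssl genrsa -out my_key.rsa "$bits" 2>/dev/null || exit 1
        # -subj supplies the distinguished name instead of the prompts.
        openssl req -new -key my_key.rsa -out my_csr.csr \
            -subj "/C=SE/O=Example Org/CN=$cn"
    )
}

check_key_and_csr() {   # usage: check_key_and_csr <dir> <common-name>
    key=$1/my_key.rsa; csr=$1/my_csr.csr; cn=$2
    # 1. No group/other permission bits on the key (chars 5-10 of ls -l).
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to other users" >&2; return 1; }
    # 2. The CSR's self-signature verifies. Match the text, because the
    #    exit status of "req -verify" differs between openssl versions.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "FAIL: CSR signature does not verify" >&2; return 1; }
    # 3. The CSR carries the public half of this private key.
    [ "$(openssl pkey -in "$key" -pubout)" = \
      "$(openssl req -in "$csr" -noout -pubkey)" ] ||
        { echo "FAIL: CSR was not made from $key" >&2; return 1; }
    # 4. The Common Name is the one intended.
    openssl req -in "$csr" -noout -subject | grep -qF "$cn" ||
        { echo "FAIL: unexpected Common Name" >&2; return 1; }
    echo "OK: $csr matches $key"
}
```

Check 3 is the one that catches a lost or regenerated private key: a certificate issued for a CSR that no longer matches my_key.rsa cannot be installed.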

Start the certificate request process

To submit the CSR to WoSign for processing you should start the certificate enrollment process.