Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more > [1]
1. Restart the administration server by typing the following commands:
2. To request the server certificate, click the Security tab near the top of this page.
3. Select the Request a Certificate link on the left frame.
The screenshot depicts the following options:
4. Fill out the form to generate a certificate request, using the following information:
If you can directly post your certificate request to a web-capable certificate authority or registration authority, select the CA URL link. Otherwise, choose CA Email Address and enter an email address where you would like the certificate request to be emailed to.
b. Select the Cryptographic Module you want to use.
Each realm has its own entry in this pull-down menu. Be sure that you select the correct realm. To use the Sun Crypto Accelerator 1000, you must select a module in the form of user@realm-name.
c. In the Key Pair File Password dialog box, provide the password for the user@realm-name that will own the key.
d. Provide the appropriate information for the following fields:
e. Click the OK button to submit the information.
5. Send the CSR to Digi-Sign.
6. Once the certificate is generated, copy it, along with the headers, to the clipboard.
NOTE that the certificate is different from the certificate request and is usually presented to you in text form.
Links:
[1] http://www2.digi-sign.com/about/announcements/2048
[2] http://www2.digi-sign.com/certificate+authority