I am having to generate a CSR for a private RPC interface that is secured using certificates. As part of the requirements, it is specified that the only compatiable suite is:
SSL_RSA_EXPORT_WITH_RC4_40_MD5
My knowledge is rather limited but I have tried:
openssl genrsa -out mykey.private -des3 512
Then extract the public key via
openssl rsa -in mykey.private -pubout -out mykey.public
Then convert into a CSR via
openssl req -new ???
The unknown part is what parts of the cipher suites match to the parts if the CSR request, I have been told that it is a 512 bit key, however, I don't understand the relevance of the RC4 or the MD5 part!
Before people ask why I don't submit and see what happens, we get charged per CSR signing process failed or successful.
Regards,
Tom
RC4 is a symmetric cipher which does not appear in the certificate request and in the resulting certificate itself. What can be important is the message digest algorithm; apparently your export-restricted CA requires MD5.
So first create the CSR via:
(actually
-md5is still the default).Then answer the prompts appropriately. After the file is generated, you can examine its contents in text form:
Make sure that the Subject, Public Key Algorithm and Signature Algorithm fields are correct before submitting the CSR; you could also see that there is no mention of RC4 or any other symmetric encryption algorighm there.
SSL_RSA_EXPORT_WITH_RC4_40_MD5 is cipher suite, which needs to be specified in your SSL endpoint configuration.
But just in case, make sure, that you are using -md5 when generating CSR.