2

I am having to generate a CSR for a private RPC interface that is secured using certificates. As part of the requirements, it is specified that the only compatiable suite is:

SSL_RSA_EXPORT_WITH_RC4_40_MD5

My knowledge is rather limited but I have tried:

openssl genrsa -out mykey.private -des3 512

Then extract the public key via

openssl rsa -in mykey.private -pubout -out mykey.public

Then convert into a CSR via

openssl req -new ???

The unknown part is what parts of the cipher suites match to the parts if the CSR request, I have been told that it is a 512 bit key, however, I don't understand the relevance of the RC4 or the MD5 part!

Before people ask why I don't submit and see what happens, we get charged per CSR signing process failed or successful.

Regards,

Tom

Tom Werner
  • 295
  • 3
  • 8
  • 1
    Sounds like you need a 512-bit RSA key pair (best guess). Knowning the Cypher suite isn't nearly as helpful as knowing exactly what the application requires. – Chris S Dec 14 '10 at 17:55

2 Answers2

2

RC4 is a symmetric cipher which does not appear in the certificate request and in the resulting certificate itself. What can be important is the message digest algorithm; apparently your export-restricted CA requires MD5.

So first create the CSR via:

openssl req -new -key mykey.private -md5 -out my.csr

(actually -md5 is still the default).

Then answer the prompts appropriately. After the file is generated, you can examine its contents in text form:

openssl req -in my.csr -text -noout

Make sure that the Subject, Public Key Algorithm and Signature Algorithm fields are correct before submitting the CSR; you could also see that there is no mention of RC4 or any other symmetric encryption algorighm there.

Sergey Vlasov
  • 6,288
  • 1
  • 21
  • 30
0

SSL_RSA_EXPORT_WITH_RC4_40_MD5 is cipher suite, which needs to be specified in your SSL endpoint configuration.

But just in case, make sure, that you are using -md5 when generating CSR.

mighq
  • 355
  • 1
  • 3
  • 11