Email Security: How to generate a 2048 bit CSR and private key with passphrase to setup TLS in Email

This article describes how to generate a 2048 bit CSR and private key with passphrase to setup TLS in Email Security.

We will OpenSSL to create the CSR. You will find OpenSSL under SonicWall installation directory or you may download it from Internet. First we will have to generate a private key. We use Passphrase, so we will use Triple-DES encrypted key. We need to run the following command to create the 2048 bit private key:

• OpenSSL genrsa -des3 -out test.key 2048 (2048 is the important part here).
  
  
• It will ask for the passphrase. Please enter it. You will need the passphrase later to generate the CSR.
• To generate the CSR, we need to run the following command:
  
  OpenSSL req -new -key test.key -out test.csr (For Linux system).
  
  OpenSSL req -new -key test.key -out test.csr -config openssl.cnf (For windows system).

NOTE: The extra attributes are optional. Once you enter the passphrase and other information, you will get the CSR and the private key under the folder from where you executed the openssl commands. You may send the CSR to a CA and get it signed. Please keep the private key safe as it will be required to enable TLS. Please contact SonicWall support once you get the certificate signed by the CA.