Creating a 2048 bit certificate request from VisualSVN Server
A few days ago we decided not to use self signed certificates with our Subversion Servers anymore and decided to buy a certificate approved by a certificate authority.
I went to VisualSVN Manager, made a certificate request, pasted it into the certificate request form on the website of one of certificate authorities and submitted the form. I was surprised when I saw an error message saying that certificate request has to be generated with a private key with at least 2048 bit encryption. I went back to VisualSVN Manager to find the step where I can specify the type of the key I want to use but I was not able to find such setting in the certificate request wizard.
It took me a few minutes to find a few posts on the net and to combine them into a working solution so I thought it would be nice to share those findings with others.
Here are the steps you need to take in order to generate a 2048 bit certificate request using VisualSVN Manager:
- You first need to create a new private key for VisualSVN Manager to use it when creating a request. To do that you should follow the next steps:
- Open command prompt
- Type the following command: openssl.exe genrsa 2048 > private.key
- After that you will be able to find a new file called "private.key" in your working folder. Edit the file in a text editor and leave it for now.
- Check if your new private key has the right length by executing next command in command prompt: openssl.exe rsa -noout -text -in private.key
- Check the output of command executed under 1.d. and see if you can find next text in it: "Private-Key: (2048 bit)"
- Now you need to update "server.pem" file for your VisualSVN Server. To do that follow the next steps:
- Open Windows Explorer and navigate to root folder of your VisualSVN Server installation (it was in "C:\Program Files\VisualSVN Server\" on my server)
- Find "server.pem" file (it was in "conf" folder on my server)
- Edit "server.pem" file with a text editor
- Replace everything between "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" with the content from "private.key" you generate in step 1.b. and save changes for "server.pem".
- You should now re-create the self signed certificate for your VisualSVN Server to be able to use Subversion until you acquire and setup a new signed certificate. To do that follow the next steps:
- Open VisualSVN Manager
- Select "Action" and then "Properties" in menu
- Go to "Certificate" tab and click no "Change certificate..." button
- Choose "Create new self-signed certificate" option and click "Next >" button
- Click on "Next" and "Finish" buttons until you finish with self-signed certificate creation.
- Check if the new self-signed certificate has the right key length by executing next command: openssl.exe x509 -noout -text -in server.pem
- o NB: you will have to put the full path to "server.pem" to be able to see results; when you get the output of above command you should look for the following text: "RSA Public Key: (2048 bit)" - if it is there then you have a 2048 bit key
- The only thing you still need to do is to create a new 2048 bit certificate. To do that follow the next steps:
- Open VisualSVN Manager
- Select "Action" and then "Properties" in menu
- Go to "Certificate" tab and click no "Change certificate..." button
- Choose "Prepare certificate request" option and click "Next >" button
- Fill-in the name of your domain that will be used by Subversion for SSL communication
- Click Next and fill-in the other required information
After completing above mentioned steps I was able to request a signed 2048 bit certificate for our Subversion and to use for all existing and new repositories.
