Knowledgebase: Installation FAQs
How do I obtain a certificate?
Posted by Sean Lee on 23 April 2013 01:51 PM

The necessary SSL Files are a certificate (typically cert.pem) and a key file (typically key.pem). Redrock Software can provide you with these and an additional file (req.pem) without charge; however, these files are self-signed by Redrock and will produce a warning on your standard web browser. Because Redrock Software Corporation is not a "Trusted" Certificate Authority to the major browser companies, you will always receive the warning with our free SSL Certificate. The req.pem is the equivalent of a Certificate Signing Request (CSR) and is used to obtain your SSL Certificate. You have the option of obtaining your own Apache-compatible certificate from a "Trusted" source, such as VeriSign, DigiCert, Thawte, EnTrust, GeoTrust, and GoDaddy. These are just a few of the options available to you; in all, the mainstream browsers (IE, Firefox, Safari, etc.) only trust about 20 of the major Certificate Authorities (CA).

If you choose to obtain your own certificate, be sure to retrieve an Apache-compatible certificate so it will work with the SSL Module. Some CA's will provide you with a chained certificate, which we will have to adjoin in order to make the file compatible. Place the certificate and key files in your Stunnel installation directory (C:\Program Files\stunnel). Keep a copy of your req.pem (CSR) file to request your new certificate when it expires.

What information is needed to generate a certificate for SSL?

  • Organization Name – University
  • Organizational Unit – Department
  • City, State  ZIP
  • Email address
  • Common Name or Fully qualified domain name – i.e. or

For more details about stunnel, goto the Use SSL Encryption to Secure Your Trac System documentation.

Comments (0)