
Create a Local Key Pair

Started by sukishan, Aug 22, 2009, 07:01 PM


sukishan

Create a Local Key Pair
If you have not already done so, your first step should be to create a local private/public key from which you can generate certificate requests. These can then be used for self-signed certificates, or when purchasing a certificate from a CA.

OpenSSL allows us to use the command line to generate keys. You have the option of using strong encryption and a passphrase to secure your private key, as shown below.

openssl genrsa -des3 -out domainname.com.key 1024

Typing the above on the command line will create a private key using TripleDES encryption, 1024 being the number of bits generated in the key. There are options for lower encryption levels and for making the passphrase not required; however, these are not recommended for those with servers that are accessible via the Internet.

Note that if OpenSSL is not in your path, you may need to enter the full path to the binary for this purpose; by default, it's /usr/local/ssl/install/openssl/bin/openssl. The key will be created in the directory you're in.

Finally, you should modify the permissions to restrict access to the new key by issuing chmod 400 domainname.com.key on the command line. This ensures that only the root user has access to this file, and still requires the passphrase you may have used to create the key in order to open it.
A good beginning makes a good ending
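
Added example (not part of the original post): a shell check that a key file has the two protections described above, owner-only permissions and passphrase encryption. The function names and the sample files are constructed for illustration; the header patterns match the traditional PEM format and the PKCS#8 format that newer OpenSSL releases write.

```shell
#!/bin/sh
# Added example: audit a private key file for owner-only permissions
# and passphrase encryption. Function names are hypothetical.

key_mode() {
    # Octal permission bits; GNU stat first, BSD/macOS stat as fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

key_is_encrypted() {
    # Traditional PEM keys carry a "Proc-Type: 4,ENCRYPTED" header;
    # PKCS#8 keys use an "ENCRYPTED PRIVATE KEY" armor line instead.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

audit_key() {
    # Returns 0 if both checks pass, 1 if either fails, 2 if the file is missing.
    f=$1
    rc=0
    [ -f "$f" ] || { echo "$f: not found"; return 2; }
    mode=$(key_mode "$f")
    case $mode in
        [0-7]00) echo "$f: mode $mode, owner only" ;;
        *)       echo "$f: mode $mode, group/other have access"; rc=1 ;;
    esac
    if key_is_encrypted "$f"; then
        echo "$f: passphrase-protected"
    else
        echo "$f: stored unencrypted"; rc=1
    fi
    return $rc
}

# Demo on constructed files (placeholder bodies, not real keys).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/good.key"
chmod 400 "$demo_dir/good.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/weak.key"
chmod 644 "$demo_dir/weak.key"
audit_key "$demo_dir/good.key" || echo "unexpected failure"
audit_key "$demo_dir/weak.key" || echo "weak.key needs fixing"
```

To check a real key, call audit_key with its path, for example audit_key domainname.com.key.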
