Create a Local Key Pair

Started by sukishan, Aug 22, 2009, 07:01 PM

sukishan

Create a Local Key Pair
If you have not already done so, your first step should be to create a local private/public key from which you can generate certificate requests. These can then be used for self-signed certificates, or when purchasing a certificate from a CA.

OpenSSL allows us to use the command line to generate keys. You have the option of using strong encryption and a passphrase to secure your private key, as shown below.

openssl genrsa -des3 -out domainname.com.key 1024

Typing the above on the command line will create a private key using TripleDES encryption, 1024 being the number of bits generated in the key. There are options for lower encryption levels and making the passphrase not required, however, these are not recommended for those with servers that are accessible via the Internet.

Note that if OpenSSL is not in your path, you may need to enter the full path to the binary for this purpose; by default, it's /usr/local/ssl/install/openssl/bin/openssl. The key will be created in the directory you're in.

Finally, you should modify the permissions to restrict access to the new key by issuing chmod 400 domainname.com.key on the command line. This ensures that only the root user has access to this file, and still requires the passphrase you may have used to create the key in order to open.
A good beginning makes a good ending
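
The two protections described in the post (a passphrase on the key and owner-only file permissions) can be checked after the fact. The script below is an added example, not part of the original post: `check_key` and `make_sample` are hypothetical helper names, and the sample files are constructed PEM skeletons rather than real keys. It recognises both the traditional `Proc-Type: 4,ENCRYPTED` header and the PKCS#8 `BEGIN ENCRYPTED PRIVATE KEY` header.

```shell
#!/bin/sh
# Added example: audit a PEM private key for a passphrase and owner-only permissions.

# make_sample PATH encrypted|plain : writes a constructed PEM skeleton (not a real key).
make_sample() {
    if [ "$2" = encrypted ]; then
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
            'DEK-Info: DES-EDE3-CBC,<constructed-iv>' '' '<constructed-body>' \
            '-----END RSA PRIVATE KEY-----' > "$1"
    else
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '<constructed-body>' \
            '-----END RSA PRIVATE KEY-----' > "$1"
    fi
}

# check_key PATH : returns a bitmask.
#   0 = OK, 1 = group/other can access, 2 = no passphrase, 4 = missing/unreadable
check_key() {
    key=$1
    status=0
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "$key: missing or unreadable" >&2
        return 4
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # after "chmod 400" they are all '-'.
    mode=$(ls -ld "$key" | cut -c1-10)
    case $mode in
        ????------) ;;
        *) echo "$key: mode $mode gives group/other access"; status=$((status + 1)) ;;
    esac
    # A passphrase-protected key carries one of these two headers.
    if ! grep -q -e '^Proc-Type: 4,ENCRYPTED' \
                 -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo "$key: private key is stored without a passphrase"
        status=$((status + 2))
    fi
    return $status
}

# Demo on constructed files: one protected as the post describes, one not.
tmp=$(mktemp -d)
make_sample "$tmp/good.key" encrypted; chmod 400 "$tmp/good.key"
make_sample "$tmp/bad.key" plain;      chmod 644 "$tmp/bad.key"
check_key "$tmp/good.key"; echo "good.key -> $?"
check_key "$tmp/bad.key";  echo "bad.key -> $?"
rm -rf "$tmp"
```
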