...
| Warning |
|---|
Clarify with Shawn, where the keys are generated is not important right? It is for IHS but not for Apache. Also what about randomizing like this Entrust example? Is it no longer needed? |
Generate server keys for the Certificate Signing Request (CSR).
...
- genrsa - generate asymmetric keys
- aes-266-cbc - protect the RSA key pair with a passphrase using AES 256 symmetric key encyrption
- 2048 - make the RSA keys 2048 bit
| Info |
|---|
As of May 2011, most of the examples including the Apache 2.2 documentation use des3 and 1024. This was to accommodate older browsers. The standard has since changed to AES-256-CBC 2048. Some CA will no longer accept 1024. |
Because we do not want to enter a password every time the web server is restarted, remove the password from the key file,
...