...
SSL Process
Generate Server Keys
Warning |
---|
Clarify with Shawn, where the keys are generated is not important right? It is for IHS but not for Apache. Also what about randomizing like this Entrust example? Is it no longer needed? |
Server keys must be generated for the Certificate Signing Request (CSR).
There are two options for generating the keys: with or without passphrase encryption.
Because passphrase encryption requires an administrator's intervention, the current standard is to not use passphrase encryption and instead rely on the file system to protect the keys.
Without Passphrase Encryption
This is the generally accepted method of generating keys:

```bash
cd ~
mkdir private
# Restrict the directory to its owner
sudo chmod 700 ./private
cd private
# Generate a 2048-bit RSA private key with no passphrase
openssl genrsa -out server.key 2048
```
The next step is to generate the CSR.
With Passphrase Encryption
If a password is used, the
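```bash
cd ~
mkdir private
# Restrict the directory to its owner
sudo chmod 700 ./private
cd private
# Generate a 2048-bit RSA private key encrypted with AES-256 (prompts for a passphrase)
openssl genrsa -aes256 -out server.key 2048
```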
...
```bash
# Write a copy of the key with the passphrase removed (prompts for the passphrase)
openssl rsa -in server.key -out server.key.insecure
```
Finally, the next step is to generate the CSR.
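Relying on the file system instead of a passphrase only protects the key if both the key file and its directory are owner-only, and that applies equally to a decrypted copy such as `server.key.insecure`. The following check is an added example, not part of the original page; the function names are assumptions, and it reads only the `ls` mode string, so ACLs are not covered.

```shell
#!/bin/sh
# Added example: audit how a private key produced by the steps above is stored.
# Function names are illustrative. Paths are assumed not to start with "-".

# key_perms_ok FILE -> 0 if neither FILE nor its directory grants group/other access
key_perms_ok() {
    dir=$(dirname "$1")
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    fbits=$(ls -ld "$1" | cut -c5-10)
    dbits=$(ls -ld "$dir" | cut -c5-10)
    [ "$fbits" = "------" ] && [ "$dbits" = "------" ]
}

# key_is_encrypted FILE -> 0 if the PEM file is passphrase-encrypted
key_is_encrypted() {
    # Traditional format: "Proc-Type: 4,ENCRYPTED" on line 2.
    # PKCS#8 format: "-----BEGIN ENCRYPTED PRIVATE KEY-----" on line 1.
    head -n 2 "$1" | grep -q 'ENCRYPTED'
}

# audit_key FILE -> prints a verdict; returns 0 only if access is owner-only
audit_key() {
    if key_is_encrypted "$1"; then state=encrypted; else state=unencrypted; fi
    if key_perms_ok "$1"; then
        echo "OK: $1 ($state), owner-only access"
        return 0
    fi
    echo "FAIL: $1 ($state): file or directory is accessible to group/other"
    if [ "$state" = unencrypted ]; then
        echo "      an unencrypted key has no protection besides file permissions"
    fi
    return 1
}

# Stand-alone use: sh audit_key.sh ./private/server.key
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```
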
Generate the CSR
Generate the CSR, which will be submitted to the CA:
...