www.bonsaiframework.com
Page tree

Versions Compared

Old Version 30

changes.mady.by.user Tin Pham

Saved on

compared with

New Version 31

changes.mady.by.user Tin Pham

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SSLShoper provides a great overview of the different types of SSL certificates available with various pros and cons. If you are still unsure, try using the SSL Shopper Wizard to guide you to the right choice.

SSL Process

Generate Server

...

Private Key

Server keys must be generated for the Certificate Signing Request (CSR).

...

This is the generally accepted method of generating keysthe key,

Code Block
languagebash
cd ~
mkdir private
sudo chmod 700 ./private
cd private
openssl genrsa -out server.key 2048

The command reads,

  • 2048 - make the RSA private key 2048 bit

The next step is to generate the CSR.

...

  • genrsa - generate asymmetric keys
  • aes266- - protect the RSA key pair with a passphrase using CBC AES 256 symmetric key encyrption 
  • 2048 - make the RSA keys private key 2048 bit
Info

As of May 2011, most of the examples including the Apache 2.2 documentation use des3 and 1024. This was to accommodate older browsers. The standard has since changed to AES-256-CBC 2048. Some CA will no longer accept 1024.

...