The private directory is not necessary, but it is present by convention.

```bash
su bhitch # Use a sudo enabled account.
cd ~
mkdir private
sudo chmod 700 ./private
cd private
openssl genrsa -aes256 -out www.earth.com_server.key 2048
```
The openssl command reads:

- genrsa - generate asymmetric keys (an RSA private key)
- -aes256 - protect the RSA key with a passphrase using AES-256 in CBC mode (symmetric-key encryption)
- 2048 - make the RSA private key 2048 bits
Because we do not want to enter a password every time the web server is restarted, remove the password from the key file:

```bash
openssl rsa -in www.earth.com_server.key -out www.earth.com_server.key.insecure
```
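
An added example, not part of the original page: a small POSIX shell audit for the two files this step leaves behind. It reports whether a PEM key is passphrase-protected, in either the traditional or the PKCS#8 encoding, and fails when a key stored without a passphrase is accessible to anyone but its owner. The function names and the sample files `server.key` and `server.key.insecure` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PEM private key files such as the two created above.

# Print "encrypted", "plaintext" or "unknown", judged from the PEM header.
key_protection() {
    if grep -Fq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 PEM with a passphrase
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional PEM with a passphrase
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext      # no passphrase: file permissions are the only guard
    else
        echo unknown
    fi
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# One line per key; fail when a plaintext key is accessible beyond its owner.
audit_key() {
    state=$(key_protection "$1")
    if [ "$state" = plaintext ] && ! owner_only "$1"; then
        echo "FAIL $1: plaintext key accessible beyond owner"
        return 1
    fi
    echo "OK $1: $state"
}

# Constructed sample files: PEM headers only, no real key material.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,CONSTRUCTED' > "$1/server.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        > "$1/server.key.insecure"
    chmod 600 "$1/server.key"
    chmod 644 "$1/server.key.insecure"
}

# Demo run on the constructed samples: audit, tighten the mode, audit again.
demo=$(mktemp -d)
make_samples "$demo"
audit_key "$demo/server.key"
audit_key "$demo/server.key.insecure" || chmod 600 "$demo/server.key.insecure"
audit_key "$demo/server.key.insecure"
rm -rf "$demo"
```
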

The next step is to generate the CSR.