www.bonsaiframework.com
Page tree

Versions Compared

Old Version 90

changes.mady.by.user Tin Pham

Saved on

compared with

New Version 91

changes.mady.by.user Tin Pham

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The next step is to generate the CSR.

With Passphrase Encryption

If a password is used, a password will need to be entered whenever the service using the certificate is started.

Panel

The private directory is not necessary but present for convention.

Code Block
languagebash
su bhitch # Use a sudo enabled account.
cd ~
mkdir private
sudo chmod 700 ./private
cd private
openssl genrsa -aes256 -out www.earth.com_server.key 2048

The openssl command reads,

  • genrsa - generate asymmetric keys
  • aes266- - protect the RSA key with a passphrase using CBC AES 256 symmetric key encyrption 
  • 2048 - make the RSA private key 2048 bit
Info

As of May 2011, most of the examples including the Apache 2.2 documentation use des3 and 1024. This was to accommodate older browsers. The standard has since changed to AES-256-CBC and 2048. Some CAs will no longer accept 1024.

Because we do not want to enter a password every time the web server is restarted, remove the password from the key file,

Code Block
languagebash
openssl rsa -in www.earth.com_server.key -out www.earth.com_server.key.insecure

The next step is to generate the CSR.

Generate the CSR

Generate the CSR which will be submitted to the CA,

...