...

Server keys must be generated for the Certificate Signing Request (CSR). There is more than one utility to create keys; openssl seems to be the more straightforward and popular choice.

Openssl will create one key at a time, whereas utilities such as IBM's ikeyman can create both in one step. The private key is needed to complete the CSR. When it comes time for renewal, you can use your existing private key to generate the CSR and public key, or generate a new one.

Info

There is no clear consensus on whether creating a new private key or reusing an old one is considered best practice. Whether a new private key is necessary depends on which web server you are using (for example, you'd need to create new private keys due to the way Microsoft IIS Web server handles storing private keys), but many sites like sslshopper.com recommend that a new private key be created, as it avoids confusion and is simplest.

Openssl will be used to generate this CSR.

Generate Server Private Key

...

Generate the CSR (Certificate Signing Request) which will be submitted to the CA using the private key www.earth.com_server.key from above.

```bash
openssl req -new -key www.earth.com_server.key -out www.earth.com_server.csr
```
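A check worth running before the CSR goes to the CA, especially at renewal when an existing private key is reused: confirm that the CSR's self-signature verifies and that its public key is the one belonging to the key file. This is an added example, not part of the original page; the file names, subject and 2048-bit RSA keys in the demo are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-submission check that a CSR belongs to a given private key.

# PEM public key derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# PEM public key embedded in a CSR.
csr_pubkey() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# The CSR is self-signed with the private key; match on the "verify OK"
# message rather than on the exit status of the command.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Succeeds only if the signature verifies and both public keys are identical.
csr_matches_key() {
    local csr=$1 key=$2 from_key from_csr
    csr_signature_ok "$csr" || return 1
    from_key=$(key_pubkey "$key")
    from_csr=$(csr_pubkey "$csr")
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# Demo on throwaway files. File names, subject and the 2048-bit RSA keys are
# constructed for this example and are not taken from the page.
demo() {
    local d status=0
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -new -key "$d/server.key" -subj "/CN=www.example.test" \
        -out "$d/server.csr"
    if csr_matches_key "$d/server.csr" "$d/server.key"; then
        echo "server.key: CSR matches"
    else
        status=1
    fi
    if csr_matches_key "$d/server.csr" "$d/other.key"; then
        status=1
    else
        echo "other.key: CSR does NOT match"
    fi
    rm -rf "$d"
    return "$status"
}

demo
```

A mismatch here means the CA would issue a certificate for a key the server does not hold, so the check is cheapest to run before submission.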

...