OpenSSL Generating a Private Key: Difference between revisions

Generate the Private Key File

Apache with mod_ssl Enabled

1. Generate the private key using openssl.
   1. To Generate a private key with a pass phrase.
      1. # openssl genrsa -des3 -out <key_name>_passphrase.key 1024
      2. Enter a pass phrase for the key.
      3. Create a copy of the key with no pass phrase.
         1. # cp <key_name>_passphrase.key <key_name>_nopassphrase.key
         2. # openssl rsa -in <key_name>_nopassphrase.key -out <key_name>.key
      4. Verify the checksum of the key, this will be used to verify the CSR and the self signed certificate.
         1. # openssl rsa -noout -modulus -in <key_name>.key | openssl md5
   2. To Generate a private key without a pass phrase
      1. # openssl genrsa -out <key_name>_passphrase.key 1024
2. Create a copy of the key with no pass phrase.
   1. # cp <key_name>_passphrase.key <key_name>_nopassphrase.key
   2. # openssl rsa -in <key_name>_nopassphrase.key -out <key_name>.key
3. Verify the checksum of the key, this will be used to verify the CSR and the self signed certificate.
   1. # openssl rsa -noout -modulus -in <key_name>.key | openssl md5
4. At this point, create a backup of the <key_name>_passphrase.key and <key_name>.key on separate media.
5. For use in Apache, use the SSL key with no pass phrase to generate any CSRs.

Further Reading

1. How to Generate SSL key, CSR, and Self Signed Certificate for Apache