OpenSSL Generating a Private Key

From UNIX Systems Administration
Revision as of 19:21, 12 November 2020 by Michael Kohler (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Generate the Private Key File

Apache with mod_ssl Enabled

  1. Generate the private key using openssl.
    1. To Generate a private key with a pass phrase.
      1. # openssl genrsa -des3 -out <key_name>_passphrase.key 2048
      2. Enter a pass phrase for the key.
      3. Create a copy of the key with no pass phrase.
        1. # cp <key_name>_passphrase.key <key_name>_nopassphrase.key
        2. # openssl rsa -in <key_name>_nopassphrase.key -out <key_name>.key
      4. Verify the checksum of the key, this will be used to verify the CSR and the self signed certificate.
        1. # openssl rsa -noout -modulus -in <key_name>.key | openssl md5
    2. To Generate a private key without a pass phrase.
      1. # openssl genrsa -out <key_name>_nopassphrase.key 2048
  2. Verify the checksum of the key, this will be used to verify the CSR and the self signed certificate.
    1. # openssl rsa -noout -modulus -in <key_name>.key | openssl md5
  3. At this point, create a backup of all of the keys on separate media.
  4. For use in Apache, use the SSL key with no pass phrase to generate any CSRs.

Further Reading

  1. How to Generate SSL key, CSR, and Self Signed Certificate for Apache
Retrieved from "http://www.outlandsmud.com/wiki/index.php?title=OpenSSL_Generating_a_Private_Key&oldid=1199"