How to Generate an SSL Key

Technology Networking & Internet
By Technology
104 4

    Microsoft Windows

    • 1). Install the IIS Resource Kit, a free download from Microsoft. After installation, run iis60rkt.exe from the desktop. This opens the IIS Resource Kit Tools Install Wizard. Click "Next."

    • 2). Accept the EULA, or End User License Agreement. Click "Next" to proceed to the Customer Information dialog panel.

    • 3). Key the requested information into the user and company name fields. Choose whether you want to install the kit for just the user name specified, or for all users of the computer. Click "Next" to proceed to the Installation dialog panel.

    • 4). Select "Custom" in the Installation dialog. Click "Next," then click "Next" to accept the default location for the install.

    • 5). Uncheck all of the boxes except the "SelfSSL" box. Click "Next," then click "Next" on the following dialog panel, which starts the installation process. Click "Finish" when the install process is complete.

    • 6). Click on "Start," and in the search box, enter "SelfSSL". Right-click on the command prompt icon at the top of the Start window, and click "Run as administrator." You will need administrator privileges to create the certificate. At the command prompt, Enter "selfssl /T" and press "Enter." When prompted, enter "Y" to change SSL for this site. This will generate a key and self-signed certificate.

    • 7). You can now test your key and certificate by opening a browser and navigating to "https://localhost." If you see a Security Alert asking if you wish to proceed, you have successfully installed an SSL key and certificate.

    Linux

    • 1). If OpenSSL is not already installed on your Linux system, download and install it. Installation procedures may vary between Linux distributions, but the general command (at the command prompt) for some of the more popular distributions is:

      aptitude install openssl

    • 2). Create an RSA private key, or SSL key. With most Linux systems, the following command will accomplish this:

      openssl genrsa --des3 --out myserver.key 1024

      Execution of this command generates a key which is 1024 bits long and is Triple-DES encrypted. The key is in readable ASCII text.

    • 3). In order to use the key you have generated, create a CSR, or certificate signing request. The following command will create the CSR:

      openssl req -new -key myserver.key -out myserver.csr

      You will be prompted for information about your server and location. Answer the prompts correctly so that the certificate will be accurate and so that SSL will be able to adequately protect your server.

    • 4). Create a self-signed certificate with the following command:

      openssl x509 -req -days 90 -in myserver.csr -signkey myserver.key -out myserver.crt

      This command creates a x509 standard certificate that is good for 90 days.

    • 5). Complete the process by installing the certificate and private key with the following commands:

      cp myserver.crt /usr/local/apache/conf/ssl.crt

      cp myserver.key /usr/local/apache/conf/ssl.key

    • 6). Following your server's instructions, configure your host to tell it where the certificate and keys are located. You can test your certificate and key after restarting your machine.

Source...
Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time
You might also like on "Technology"

Leave A Reply

Your email address will not be published.