SSL Certificates
Generating Keys
Generating keys is easy:
openssl genrsa -out ssl-certificate.key 2048
Note
If you're a bit nervous about the security of your key, add an extra flag to encrypt it: one of -des, -des3 or -idea. You will be prompted for a passphrase, which you should not forget, as it cannot be recovered.
This generates an unencrypted key in the file ssl-certificate.key.
You may see a warning along the lines of: "warning, not much extra random data, consider using the -rand option"
This complaint about randomness is a bit tricky. We need some randomness to help seed the prime number generation, and we can supply it either by pointing openssl at a number of files (the -rand option) or by putting some randomness into ~/.rnd. The location of this file is specified in the (default) openssl.cnf configuration file.
You'll want something like:
dd bs=512 count=2 if=/dev/random of=~/.rnd
Warning
Remember to change it every now and again!
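Added example, not part of the original page: a small shell helper that generates the key under a restrictive umask and reports whether an existing PEM key file is passphrase-protected (as with -des3 above) or relies on file permissions alone. The function names gen_key, key_is_encrypted, key_is_private and audit_key are hypothetical.

```shell
#!/bin/sh
# Added example: generate a key with tight permissions and audit key files.
# All function names here are hypothetical helpers, not part of openssl.

# Generate an RSA key in $1 ($2 = bits, default 2048). The umask is set in
# a subshell so the file is never group/world readable, even briefly.
gen_key() {
    ( umask 077 && openssl genrsa -out "$1" "${2:-2048}" )
}

# Return 0 if the PEM private key in $1 is passphrase-protected.
# Traditional-format keys carry a "Proc-Type: 4,ENCRYPTED" header;
# PKCS#8 keys use a distinct BEGIN line instead.
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Return 0 if group and other have no permission bits on $1
# (characters 5-10 of the ls mode string, e.g. "-rw-------").
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print a one-word verdict for the key file in $1. Returns 1 only for
# the dangerous case: no passphrase and readable beyond the owner.
audit_key() {
    if key_is_encrypted "$1"; then
        echo encrypted
    elif key_is_private "$1"; then
        echo unencrypted-private
    else
        echo unencrypted-exposed
        return 1
    fi
}

# Usage: sh audit.sh ssl-certificate.key [more.key ...]
for f in "$@"; do
    printf '%s: ' "$f"
    audit_key "$f" || :
done
```

An unencrypted key, such as the one produced by the plain genrsa command above, should report unencrypted-private; if it reports unencrypted-exposed, chmod 600 the file.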
How Many Bits?
A good question. 2048.