SSL Certificates

How you can easily create and manage SSL certificates

Generating Keys

Generating keys is easy:

openssl genrsa -out ssl-certificate.key 2048

Note

If you're a bit nervous about the security of your key then you should add an extra flag for encryption, one of -des, -des3 or -idea. You will be prompted for a passphrase which you should not forget as it cannot be recovered.

This generates an unencrypted key in the file ssl-certificate.key.

You may see a warning along the lines of:

warning, not much extra random data, consider using the -rand option

This complaint about randomness is a bit tricky. We need some randomness to help seed the prime number generation and we can supply it either by pointing at a number of files or by putting some randomness into ~/.rnd. This file is specified in the (default) openssl.cnf configuration file.

You'll want something like:

dd bs=512 count=2 if=/dev/random of="$HOME/.rnd"

Warning

Remember to change it every now and again!

How Many Bits?

A good question. 2048.
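
As an added example (not part of the original guide), the shell functions below generate the key under a restrictive umask and then report whether a key file is passphrase-protected, private to its owner and at least 2048 bits. The function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; function names and file names are illustrative assumptions.

# gen_key FILE [BITS]: generate an unencrypted RSA key as on this page,
# under a umask that keeps the file private to its owner.
gen_key() {
    ( umask 077 && openssl genrsa -out "$1" "${2:-2048}" 2>/dev/null )
}

# key_is_encrypted FILE: true if the PEM file is passphrase-protected.
# Traditional PEM carries a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 uses
# a "BEGIN ENCRYPTED PRIVATE KEY" marker.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# key_is_private FILE: true if group and others have no permission bits.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# key_bits FILE: print the modulus size of an unencrypted key.
# "-passin pass:" stops openssl from prompting if the key is encrypted.
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# audit_key FILE [MIN_BITS]: report on a key file; non-zero status if it is
# readable by other users or shorter than MIN_BITS (default 2048).
audit_key() {
    rc=0
    key_is_private "$1" || { echo "$1: readable by group or others"; rc=1; }
    if key_is_encrypted "$1"; then
        echo "$1: passphrase-protected, size not checked"
    else
        bits=$(key_bits "$1")
        echo "$1: unencrypted, ${bits:-unknown} bits"
        [ "${bits:-0}" -ge "${2:-2048}" ] || rc=1
    fi
    return "$rc"
}
```

Typical use is gen_key ssl-certificate.key followed by audit_key ssl-certificate.key.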
