Help:SSLPrivateKey

From OpenLiteSpeed

A private key effectively establishes an identity for a particular server. A private key is necessary in order to apply for an SSL certificate and conduct secure connections. The OpenSSL toolkit is required to generate a private key. Below are the basic steps for generating a private key. (For more information about creating a private key, please visit http://www.openssl.org/docs/HOWTO/keys.txt.)

Install OpenSSL if it is not installed already

For example, on CentOS, OpenSSL can be installed using yum as follows:

yum install openssl

Create a private key

Create an RSA private key for your web server by using the following command:

openssl genrsa -out server.key 2048

Do not create an encrypted private key file. OpenLiteSpeed does not support encrypted private key files. (Doing so would require a user to input their password for the private keys whenever the server starts or restarts. That would be impractical.)

If you generated an encrypted private key file, the passphrase can be removed with the following command:

openssl rsa -in server.skey -out server.key

Note: 2048 in the genrsa command above is the length of the private key in bits. The larger the private key, the more secure it is. A 2048-bit key is commonly accepted by certificate authorities (CAs). server.key will be the name of the private key file when it is generated.

Note: The private key file (and the certificate file) should be placed in a directory that is readable only by the web server user ("nobody").
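
The two requirements above (an unencrypted key file, in a location readable only by the web server user) can be checked before a server restart. The script below is an added example, not part of the OpenLiteSpeed documentation; the function names, return codes and sample key files are constructed for illustration, and it checks permission bits only, not that the owner is "nobody".

```shell
#!/bin/sh
# Added example: pre-start checks for a private key file.
# Return codes are choices made for this example:
#   0 usable, 1 not a PEM private key, 2 encrypted, 3 permissions too open

# Print the group/other permission characters of a path ("------" = none).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

check_key() {
    key=$1
    [ -f "$key" ] || return 1
    # PKCS#8 encrypted keys carry their own PEM label.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        return 2
    fi
    # Traditional PEM encryption keeps the usual label and adds this header.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        return 2
    fi
    # Anything else must at least look like a PEM private key.
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$key" || return 1
    # Neither the key nor its directory may grant access to group or other.
    [ "$(group_other_bits "$key")" = "------" ] || return 3
    [ "$(group_other_bits "$(dirname "$key")")" = "------" ] || return 3
    return 0
}

# Demo on constructed files; the bodies are placeholders, not real keys.
demo() {
    dir=$(mktemp -d)
    (
        umask 077
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
            'DEK-Info: AES-256-CBC,00' '' 'PLACEHOLDER' \
            '-----END RSA PRIVATE KEY-----' > "$dir/encrypted.key"
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
            '-----END RSA PRIVATE KEY-----' > "$dir/plain.key"
    )
    for f in encrypted.key plain.key; do
        rc=0
        check_key "$dir/$f" || rc=$?
        echo "$f: check_key returned $rc"
    done
    rm -rf "$dir"
}
demo
```

Setting umask 077 before running openssl genrsa, as the demo does before writing its sample files, creates the key file without group or other access from the start.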