Sign in or 
| Version | User | Scope of changes |
|---|---|---|
| Aug 12 2006, 9:49 AM EDT (current) | Anonymous | 240 words added |
| Aug 12 2006, 9:47 AM EDT | Anonymous |
Changes
Key: Additions Deletions
Generate the Key with the following command:
$ openssl genrsa -des3 -out www.virtualhost.com.key 1024
This command will generate 1024 bit RSA Private Key and stores it in the file www.virtualhost.com.key.
It will ask you for a pass phrase: use something secure and remember it. Your certificate will be useless without the key. If you don't want to protect your key with a pass phrase (only if you absolutely trust that server machine, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option above. Backupyour www.virtualhost.com.key file and make a note of the pass phrase. A good choice is to backup this information onto a diskette or other removeable media.
Generate the CSR with the following command:
$ openssl req -new -key www.virtualhost.com.key -out www.virtualhost.com.csr
This command will prompt you for the X.509 attributes of your certificate. Remember to give the name www.virtualhost.com when prompted for `Common Name (eg, YOUR name)'.
Do not enter your personal name here. We are requesting a certificate for a webserver, so the Common Name has to match the FQDN of your website (a requirement of the browsers).
Generate a temporary self-signed Certificate:
$ openssl x509 -req -days 30 -in www.virtualhost.com.csr-signkey www.virtualhost.com.key -out www.virtualhost.com.crt
This command will generate a certificate a self-signed certificate in www.virtualhost.com.crt which can be used as a temporary certificate while you are waiting for a real certificate from Thawte.
