How to generate an SSL private key?

The OpenSSL toolkit is required to generate a private key.

  1. Install OpenSSL if it is not installed already.
  2. Create an RSA private key for your web server by using the command:
     openssl genrsa -out server.key 1024

You can create a Triple-DES encrypted private key file by using:

openssl genrsa -des3 -out server.skey 1024

You need to give a password (pass phrase) for the private key file. You will be prompted for the password every time the private key file is used.

LiteSpeed web server only supports private key files without encryption. You may think this is not safe for the private key. In theory, it is not as safe as the encrypted version. In practice, however, it is not feasible to have a user enter the password for the SSL key every time the server starts or restarts. Some web servers can store the password and supply the pass phrase automatically when the server starts, but that protection holds only as long as the machine is not compromised, unless the password is hardware protected. The private key file, along with the certificate file, should be placed in a directory that is readable only by the user the server runs as. If you generated an encrypted key file, the pass phrase can be removed with the following command:

openssl rsa -in server.skey -out server.key

The 1024 in the commands above is the length of the private key in bits. A bigger private key is more secure. You can create a bigger private key, such as 2048 bits. However, if you plan to get your certificate from a certificate issuer, you may have to use a 1024-bit private key, as it is the biggest key they can process; check with the issuer first. For more information about creating an SSL private key, please visit http://www.openssl.org/docs/HOWTO/keys.txt
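The steps above can be combined with a check that the resulting key file is usable by LiteSpeed (unencrypted) and readable only by its owner. This is an added example, not LiteSpeed's own tooling; the function names make_server_key and audit_server_key, the return codes, and the 2048-bit default are assumptions made here.

```shell
#!/bin/sh
# Added example, not LiteSpeed's own tooling. Function names, return codes
# and the 2048-bit default are assumptions made for this illustration.

# Create DIR (mode 700) and an unencrypted RSA key DIR/server.key.
# Usage: make_server_key DIR [BITS]
make_server_key() {
    (
        umask 077                       # anything created is owner-only
        mkdir -p "$1" && chmod 700 "$1" &&
        openssl genrsa -out "$1/server.key" "${2:-2048}" &&
        openssl rsa -in "$1/server.key" -check -noout   # consistency check
    )
}

# Audit an existing key file. Return codes:
#   0 ok, 1 pass-phrase encrypted, 2 key readable by group/other,
#   3 directory accessible by group/other, 4 file missing
audit_server_key() {
    key=$1
    [ -f "$key" ] || { echo "$key: not found"; return 4; }
    # Traditional PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses
    # "BEGIN ENCRYPTED PRIVATE KEY". Either one needs a pass phrase.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key: encrypted; strip with: openssl rsa -in $key -out server.key"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "$key: readable beyond owner; run: chmod 600 $key"
        return 2
    fi
    dir=$(dirname "$key")
    if [ "$(ls -ld "$dir" | cut -c5-10)" != "------" ]; then
        echo "$dir: open to group/other; run: chmod 700 $dir"
        return 3
    fi
    echo "$key: ok"
    return 0
}
```

Run both functions as the user the server runs as, so that the owner-only permissions match the account that has to read the key.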

 
litespeed_wiki/ssl_private_key.txt · Last modified: 2007/03/27 16:22 (external edit)