How to generate an SSL private key?

The OpenSSL toolkit is required to generate a private key.

  1. Install OpenSSL if it is not installed already.
  2. Create an RSA private key for your web server with the following command:
openssl genrsa -out server.key 2048

LiteSpeed web server only supports private key files without encryption. You might think this is unsafe for the private key. In theory, it is not as safe as an encrypted key. In practice, however, it is impractical to have a user enter the password for the SSL key every time the server starts or restarts. Some web servers can store the password and supply the passphrase automatically when the server starts, but that protection only holds as long as the machine is not compromised, unless the password is hardware protected. The private key file, along with the certificate file, should be placed in a directory that is readable only by the user the server runs as. If you generated an encrypted key file, the passphrase can be removed with the following command:

openssl rsa -in server.skey -out server.key

2048 in the genrsa command above is the length of the private key in bits. A longer private key is more secure. For more information about creating an SSL private key, see the OpenSSL documentation.
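
The following script is an added example, not part of the original LiteSpeed page. It audits a key file for the two conditions described above: the key must be unencrypted, and the file and its directory must be accessible only to the owner. The function names and the constructed sample files are assumptions, and the encryption check covers both PEM formats OpenSSL can write, which goes slightly beyond the text.

```sh
#!/bin/sh
# Added example: audit a PEM key file for the points the text makes.

# Succeeds if the PEM key is passphrase-protected: PKCS#8 uses an
# "ENCRYPTED PRIVATE KEY" label, the traditional format a Proc-Type header.
is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds if group and others have no permission bits on the path.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per finding; returns the number of findings.
audit_key() {
    key=$1; findings=0
    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    if is_encrypted "$key"; then
        echo "encrypted, remove the passphrase: $key"; findings=$((findings + 1))
    fi
    if ! owner_only "$key"; then
        echo "accessible beyond owner: $key"; findings=$((findings + 1))
    fi
    if ! owner_only "$(dirname "$key")"; then
        echo "directory open to group/others: $(dirname "$key")"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (placeholder bodies, not real keys).
make_samples() {
    d=$(mktemp -d) && chmod 700 "$d" || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,CONSTRUCTED' '' 'cGxhY2Vob2xkZXI=' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.skey"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'cGxhY2Vob2xkZXI=' \
        '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    chmod 600 "$d/server.skey" "$d/server.key"
    echo "$d"
}

d=$(make_samples)
audit_key "$d/server.skey" || echo "findings: $?"
audit_key "$d/server.key" && echo "ok: $d/server.key"
rm -rf "$d"
```

To create the key with owner-only permissions from the start, run the genrsa command in a subshell after `umask 077`.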

  • Last modified: 2020/06/22 20:57
  • by Joshua Reynolds