10.04.2020»»пятница

0we.netlify.com

Generate A Private Ssl Key

10.04.2020
    79 - Comments
Generate A Private Ssl Key 8,2/10 2800 reviews

If you want to convert your website from HTTP to HTTPS, you need to get a SSL certificate from a valid organization like Verisign or Thawte. You can also generate self signed SSL certificate for testing purpose.

In this article, let us review how to generate private key file (server.key), certificate signing request file (server.csr) and webserver certificate file (server.crt) that can be used on Apache server with mod_ssl.

Key, CSR and CRT File Naming Convention

I typically like to name the files with the domain name of the HTTPS URL that will be using this certificate. This makes it easier to identify and maintain.

Sep 11, 2018 Secure Socket Layer (SSL) uses two long strings of randomly generated numbers, which are known as private and public keys. A public key is available to the public domain as it is a part of your SSL certificate and is made known to your server. Jul 08, 2009  Get a Valid Trial SSL Certificate (Optional) Instead of signing it youself, you can also generate a valid trial SSL certificate from thawte. I.e Before spending the money on purchasing a certificate, you can also get a valid fully functional 21 day trial SSL certificates from Thawte. Once this valid certificate works.

  • Instead of server.key, I use www.thegeekstuff.com.key
  • Instead of server.csr, I use www.thegeekstuff.com.csr
  • Instead of server.crt, I use www.thegeekstuff.com.crt

1. Generate Private Key on the Server Running Apache + mod_ssl

First, generate a private key on the Linux server that runs Apache webserver using openssl command as shown below.

The generated private key looks like the following.

2. Generate a Certificate Signing Request (CSR)

Using the key generate above, you should generate a certificate request file (csr) using openssl as shown below.

3. Generate a Self-Signed SSL Certificate

For testing purpose, you can generate a self-signed SSL certificate that is valid for 1 year using openssl command as shown below.


You can use this method to generate Apache SSL Key, CSR and CRT file in most of the Linux, Unix systems including Ubuntu, Debian, CentOS, Fedora and Red Hat.

4. Get a Valid Trial SSL Certificate (Optional)

Instead of signing it youself, you can also generate a valid trial SSL certificate from thawte. i.e Before spending the money on purchasing a certificate, you can also get a valid fully functional 21 day trial SSL certificates from Thawte. Once this valid certificate works, you can either decide to purchase it from Thawte or any other SSL signing organization.

This step is optional and not really required. For testing purpose, you can always use the self-signed certificate that was generated from the above step.

Go to Thwate trial certificate request page and do the following:

  • Select “SSL Web Server Certificate (All servers)” under the “select your trial certificate”.
  • Do not check the PKCS #7 check-box under the “configure certificate”
  • Copy/Paste the *.csr file that you generate above in the textbox under “certificate signing request (CSR)”
  • Click on next at the bottom, which will give you a 21-day free trial certificate.


Copy/Paste the trial certificate to the www.thegeekstuff.com.crt file as shown below.

> Add your comment

If you enjoyed this article, you might also like.



Next post: Google Chrome OS – Beginning of End of Microsoft?

Previous post: Blog Makeover: New Thesis Theme In Action

Generate A Private Ssl Key File

You can also use Microsoft IIS to generate a Private Key and CSR.

How to generate a CSR in Microsoft IIS 7

1. Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2. Click on the server name.
3. From the center menu, double-click the 'Server Certificates' button in the 'Security' section (it is near the bottom of the menu). License key generator free.

4. Next, from the 'Actions' menu (on the right), click on 'Create Certificate Request.' This will open the Request Certificate wizard.

5. In the 'Distinguished Name Properties' window, enter the information as follows:

  1. Common Name - The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
  2. Organization - The legally registered name of your organization/company.
  3. Organizational unit - The name of your department within the organization (frequently this entry will be listed as 'IT,' 'Web Security,' or is simply left blank).
  4. City/locality - The city in which your organization is located.
  5. State/province - The state in which your organization is located.

6. Click Next.
7. In the 'Cryptographic Service Provider Properties' window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then click next.

8. Enter a filename for your CSR file.

9. Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted

2. Back Up Private Key

To backup a private key on Microsoft IIS 6.0 follow these instructions:

1. From your server, go to Start > Run and enter mmc in the text box. Click on the OK button.
2. From the Microsoft Management Console (MMC) menu bar, select Console > Add/Remove Snap-in.
3. Click on the Add button. Select Certificates from the list of snap-ins and then click on the Add button.

4. Select the Computer account option. Click on the Next button.

5. Select the Local computer (the computer this console is running on) option. Click on the Finish button.
6. Click on the Close button on the snap-in list window. Click on the OK button on the Add/Remove Snap-in window.
7. Click on Certificates from the left pane. Look for a folder called REQUEST or 'Certificate Enrollment Request> Certificates

Generate Ssl Private Key Openssl

8. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export

9. The certificate export wizard will start, please click Next to continue. In the next window select Yes, export the private key and click Next

10. Leave the default settings selected and click Next.

11. Set a password on the private key backup file and click Next
12. Click on Browse and select a location where you want to save the private key Backup file to and then click Next to continue. By default the file will be saved with a .pfx extension.
13. Click Finish, to complete the export process

How To Get Private Key From Certificate

3. Convert to RSA Private Key Format

Private Ssl Certificate

The private key is backed up as a ‘.pfx’ file, which stands for Personal Information Exchange.

To convert it to RSA Private Key format supported by inSync:

1. Download and install latest version of OpenSSL for windows from http://www.slproweb.com/products/Win32OpenSSL.html.

Note: OpenSSL requires Visual C++ 2008 Redistributables which can be downloaded from the same website.

Generate Ssl Private Key Linux

2. Open command prompt, navigate to C:OpenSSL-Win32bin>, and run the following commands.

3. The private key will be saved as ‘myserver.key’.

4. Carefully protect the private key. Be sure to backup the private key, as there is no means to recover it, should it be lost.

 0we.netlify.com © 2020