Apache key and cert generation

Posted by & filed under Server Admin.

Here’s a nice one liner to generate a private key and csr:

Generates the key and the csr in one shot.

Generating KEY/CSR/CRT with OpenSSL on Windows

Posted by & filed under Uncategorized.

I had to generate a CRT for a server that runs Windows but has Apache and OpenSSL installed. I figured I'd do a quick key/csr/crt refresher.

First go to the /bin directory in the OpenSSL install and run openssl.exe

First, generate a keyfile. Thawte is pushing the use of 2048 bit sized keyfiles, so substitute if needed.

genrsa -des3 -out keyfile.key 1024

Next -- verify the keyfile:

rsa -noout -text -in keyfile.key

Create a unsecured version of the keyfile so Apache doesnt ask for a password every time it loads. Apache.conf

rsa -in keyfile.key -out unsecured.keyfile.key

Create the actual CSR:

req -new -key keyfile.key -out certificate.csr

If you get this error:

OpenSSL req -new -key digitss.key -out digitss.csr

Unable to load config info from /usr/local/ssl/openssl.cnf

Run this to specify the config file instead:

OpenSSL req -new -key keyfile.key -out certificate.csr -config openssl.cnf

Now just point Apache at the keyfile, and install the cert when it arrives.