Generate a Private RSA Key

SSL uses keys to encrypt and decrypt messages. Keys generally come in pairs: one public key, and one private key. With OpenSSL, the private key contains the public key information, so you do not generate a public key separately.

Keys use various cryptographic algorithms and key exchange methods. To generate private keys for use with certificates, you most commonly use the RSA key exchange method with the Data Encryption Standard (DES) cryptographic algorithm in an openssl command (on UNIX in this example) as follows:

openssl genrsa -des3 -out server.key

The key output file will be in encrypted ASCII PEM (from “Privacy Enhanced Mail”) format.

Because the file is encrypted, you will be prompted for a pass-phrase to protect it and decrypt it later if you want. If you do not want your key to be protected, do not use the -des3 argument in the command line.

Important! Do not use the -des3 option if you are running on Windows. The Secure Proxy Server does not start if there is a prompt for a pass-phrase.

To view the details of this RSA key, enter the following command:

openssl rsa -noout -text -in server.key
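
The pass-phrase caveat above can be checked before a key file is deployed. The following script is an added example, not part of the original documentation: it classifies a PEM file as encrypted or unencrypted from its header lines alone. The function names, file names and sample file contents are constructed for illustration; it recognizes both the traditional header (Proc-Type: 4,ENCRYPTED) and the PKCS#8 header that newer OpenSSL releases write.

```shell
#!/bin/sh
# Added example (not from the original page): classify a PEM key file by its headers.
# Prints encrypted / unencrypted / not-a-key and returns 0 / 1 / 2.
key_protection() {
    f=$1
    # PKCS#8 encrypted container, written by newer OpenSSL releases
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted; return 0
    fi
    # Traditional format: encryption is flagged in a Proc-Type header
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted; return 0
    fi
    if grep -Eq -e '^-----BEGIN (RSA )?PRIVATE KEY-----' "$f"; then
        echo unencrypted; return 1
    fi
    echo not-a-key; return 2
}

# Constructed sample files: header lines only, bodies are placeholders, not real keys.
write_samples() {
    d=$1
    cat > "$d/des3.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

AAAA
-----END RSA PRIVATE KEY-----
EOF
    cat > "$d/plain.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
AAAA
-----END RSA PRIVATE KEY-----
EOF
    cat > "$d/pkcs8.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
AAAA
-----END ENCRYPTED PRIVATE KEY-----
EOF
    printf 'not a key\n' > "$d/other.txt"
}

demo=$(mktemp -d)
write_samples "$demo"
for k in des3.key plain.key pkcs8.key other.txt; do
    printf '%s: %s\n' "$k" "$(key_protection "$demo/$k")"
done
rm -rf "$demo"
```

A result of "encrypted" means the server will prompt for the pass-phrase when it loads the key, which is the condition the Windows note above warns about.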