5.4.1 Creating a secret key file for SSL communication
Use the keygen command to create a secret key file for SSL communication. The following subsections describe the keygen command format and operands.
(1) File path
installation-folder#\uCPSB\httpsd\sbin\keygen
#: In Linux, change installation-folder to /opt/jp1dh/server.
(2) Format
keygen -rand file-name [-des|-des3] -out key-file [-bits {1024|2048|4096}]
(3) Operands
-rand file-name
Specify a file to be used for generating random numbers. The file must be sufficiently large and appropriate for this purpose. You can specify only one file name; multiple file names cannot be specified.
An example of file specification is as follows:
installation-folder#\misc\digikatsuwide\digikatsuwide\WEB-INF\digikatsuwide.xml
#: In Linux, change installation-folder to /opt/jp1dh/server.
[-des|-des3]
To encrypt a secret key, specify the encryption type. If this operand is specified, a password is requested when a secret key is created. A password must be no more than 64 characters long.
A password is also requested when a certificate signing request (CSR) is created (described later) and when the reverse proxy server starts.
When -des is specified, DES (Data Encryption Standard) is selected for the encryption type.
When -des3 is specified, Triple DES is selected. The encryption type specified by this operand has nothing to do with the encryption type for SSL communication between the reverse proxy server and a Web browser.
Note that if you specify this operand, you need to create a password file. For details about how to create a password file, see 5.4.2 Creating a password file.
-out key-file
Specify the file to which a secret key is output.
[-bits {1024|2048|4096}]
Specify the bit length of a secret key to be created. If you omit this operand, the underlined value is used.
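As an added example (not part of the product or its documentation), the following shell wrapper checks the operands described above before calling keygen on Linux. The name keygen_checked, the DRY_RUN and MIN_RAND_BYTES variables, the forward-slash form of the Linux path, and the refusal of -des and of 1024-bit keys are assumptions and policy choices of this example, not keygen behavior.

```shell
#!/bin/sh
# Added example, not vendor code: pre-flight checks around keygen on Linux.
# Default path = the documented path with "/" separators (assumption).
KEYGEN="${KEYGEN:-/opt/jp1dh/server/uCPSB/httpsd/sbin/keygen}"
MIN_RAND_BYTES="${MIN_RAND_BYTES:-1024}"   # example policy, not a keygen rule

fail() { echo "keygen_checked: $*" >&2; }

# keygen_checked RAND_FILE {des3|none} KEY_FILE {2048|4096}
# Set DRY_RUN=1 to print the command line instead of running it.
keygen_checked() {
    [ "$#" -eq 4 ] || { fail "need rand-file cipher key-file bits"; return 1; }
    rand=$1 cipher=$2 out=$3 bits=$4

    # -rand takes exactly one file; require it to be readable and not tiny.
    [ -f "$rand" ] && [ -r "$rand" ] || { fail "cannot read $rand"; return 1; }
    size=$(($(wc -c < "$rand")))
    [ "$size" -ge "$MIN_RAND_BYTES" ] || { fail "$rand is only $size bytes"; return 1; }

    # Key-file cipher: -des is a valid operand but refused here (56-bit DES key).
    case $cipher in
        des3|none) ;;
        des) fail "policy: use des3 instead of des"; return 1 ;;
        *)   fail "unknown cipher '$cipher'"; return 1 ;;
    esac

    # Bit length: 1024 is a valid operand but refused here as too short.
    case $bits in
        2048|4096) ;;
        1024) fail "policy: 1024-bit keys refused"; return 1 ;;
        *)    fail "bits must be 2048 or 4096"; return 1 ;;
    esac

    # Never overwrite an existing secret key.
    [ ! -e "$out" ] || { fail "$out already exists"; return 1; }

    # Build the operands in the documented order; -bits is always explicit.
    set -- -rand "$rand"
    [ "$cipher" = none ] || set -- "$@" "-$cipher"
    set -- "$@" -out "$out" -bits "$bits"

    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$KEYGEN $*"; return 0; fi
    # umask 077 so the key file is not created group- or world-readable.
    ( umask 077; "$KEYGEN" "$@" )
}

# Stand-alone use: sh keygen_checked.sh seed-file des3 server.key 2048
[ "$#" -eq 0 ] || keygen_checked "$@"
```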