G.1 Creating a private key for the Web server (keygen command)
This section describes how to use the keygen command to create a private key for the Web server. The created Web server private key file is specified in the SSLCertificateKeyFile directive.
Format
keygen -rand file-name [encryption-type] -out key-file [-bits bit-length]
Arguments
- -rand file-name
-
Specify any file to be used for random number generation. You must specify an appropriate file whose size is large enough for the random number generation (for example, C:\WINNT\NOTEPAD.EXE).
- encryption-type
-
Specify the encryption type when encrypting the private key. If you specify this parameter, you will be requested to enter a password when creating the private key. The password must be no more than 64 characters long.
When creating the Certificate Signing Request (CSR) and starting the Web server, you will also be requested to enter the password. Note that you can skip the password entry for Web server startup. The following encryption types can be specified:
-
-des
The Data Encryption Standard (DES) is selected as the encryption type.
-
-des3
Triple DES is selected as the encryption type. This parameter does not affect the encryption type used in the communication between the Web server and the Web browser.
-
- -out key-file
-
Specify the file to which the Web server private key is output.
- -bits bit-length
-
Specify the bit length of the Web server private key. The following bit length can be specified:
-
512
-
1024
-
2048
-
4096
If this argument is omitted, 1024 is assumed.
-
Example
To create the httpsdkey.pem Web server private key:
keygen -rand C:\WINNT\NOTEPAD.EXE -out httpsdkey.pem -bits 1024
Related Topics