5.4.1 Creating a secret key file for SSL communication

By using the openssl command, create a secret key file for SSL communication. The following subsections describe the openssl command format and operands.

Organization of this subsection

(1) File path
(2) Format
(3) Operands

(1) File path

installation-folder^#\uCPSB\httpsd\sbin\openssl

#: In Linux, change installation-folder to /opt/jp1dh/server.

To Page Top

(2) Format

In Windows

openssl.bat genrsa -rand file-name[:file-name…] [-des|-des3] -out key-file [512|1024|2048|4096]

In Linux

openssl.sh genrsa -rand file-name[:file-name…] [-des|-des3] -out key-file [512|1024|2048|4096]

To Page Top

(3) Operands

Important: In the case of Linux, you cannot specify an operand containing single-byte spaces.

-rand file-name

Specify any file used for generating a random number. For a file used for generating a random number, specify a sufficiently large and appropriate file.

An example of file specification is as follows:
```
installation-folder^#\misc\digikatsuwide\digikatsuwide\WEB-INF\digikatsuwide.xml
```
#: In Linux, change installation-folder to /opt/jp1dh/server.
[-des|-des3]

To encrypt a secret key, specify the encryption type.

This encryption type has nothing to do with the encryption type for SSL communication between the reverse proxy server and a Web browser.

-des

When -des is specified, DES (Data Encryption Standard) is selected for the encryption type.

-des3

When -des3 is specified, Triple DES is selected.

If you specify this operand, you are required to enter your password when you create a secret key, create a certificate signing request (CSR), or start the reverse proxy server.

If you want to enable automatic password entry for starting the reverse proxy server, you have to first create a password file by using the sslpasswd.bat command. For details, see 5.4.2 Creating a password file.

You can enter a password from 4 to 64 characters^#.

#

If you enter a password less than 4 characters, a message appears, prompting you to enter a password from 4 to 1,023 characters long. Even so, remember that your password must be from 4 to 64 characters long. Particular care must be exercised to ensure that your password does not exceed 64 characters because, even if it does, no error is output.
-out key-file

Specify the file to which a secret key of the reverse proxy server is output.
[512|1024|2048|4096]

Specify the bit length of a secret key of the reverse proxy server to be created. If you omit this operand, the underlined value is used.

Important

Keys with a bit length of 1024 or lower are becoming more dangerous with decreased safety. Therefore, specify 2048 or higher for the bit length.

To Page Top