G.1 Creating a private key for the Web server (openssl.bat genrsa command)
This section describes how to use the openssl.bat genrsa command to create a private key for the Web server. The created Web server private key file is specified in the SSLCertificateKeyFile directive.
Format
openssl.bat genrsa -rand file-name[:file-name...] [-des|-des3] -out key-file [512|1024|2048|4096]
Operand
- -rand file-name[:file-name...]
-
Specify any file to be used for random number generation.
- [-des|-des3]
-
Specify the encryption type when encrypting the private key. If you specify this operand, you will be requested to enter a password when creating the private key. The password is 4 to 64 characters long.
When creating the Certificate Signing Request (CSR), you will also be requested to enter the password. Note that you can skip the password entry for Web server startup.
If you specify -des, the Data Encryption Standard (DES) is selected as the encryption type. If you specify -des3, Triple DES is selected as the encryption type. This parameter does not affect the encryption type used in the communication between the Web server and the Web browser.
- -out key-file
-
Specify the file to which the Web server private key is output.
- [512|1024|2048|4096]
-
Specify the bit length of the Web server private key.
If this operand is omitted, 2048 is assumed.
Note
If you enter a password that is 3 characters long or less, there will be a message prompting you to enter at least 4 characters and no more than 1,023 characters. In this version, enter a password of 4 characters to a maximum of 64 characters. Please note that even if you enter a password of 65 characters or longer, it will not be an error.
Example
To create the httpsdkey.pem Web server private key:
openssl.bat genrsa -rand C:\WINNT\NOTEPAD.EXE -out httpsdkey.pem 2048
Related Topics