On 3/23/2012 11:47 PM, Ajay Garg wrote: > I used the following command to generate the ".key" and ".crt" :: > > ################################################################################################################ > openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout > ssl.key -out ssl.crt > ################################################################################################################ > > > I will be grateful, if you could let me know the required command(s) > to generate the "RSA Server Certificate", and the ".key" :-)
You already have both (ssl.key is your private key and ssl.crt is your certificate file). The key becomes SSLCertificateKeyFile and the cert becomes SSLCertificateFile in your httpd.conf. Since you generated both at the same time, they are sure to match. It's important to note that you now have what is called a self-signed cert (its identity is only vouched for by itself) and practically every client on the Internet will warn or refuse to connect to your server. It's up to you to decide if that is a problem or not - if this is something you will only use privately, it's probably OK. To get past this, you need to generate a certificate signing request and send it to a reputable CA for signing. I believe http://www.startssl.com/ offers this service for free, but there a few other free ones out there. openssl req -out ssl.csr -key ssl.key -new (This generates ssl.csr which you can safely email to be signed) -- Daniel Ruggeri --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
