Generating RSA private key, 1024 bit long modulus
..........++++++
......................++++++
e is 65537 (0x10001)
Apache will need an encryption key, which can be generated by using OpenSSL.
You may also encrypt the key by including the -des3 parameter, but keep in mind that Apache will then need to decrypt the key before it can start in SSL mode and will prompt for a password. This may hinder remote administration in some circumstances.
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: US
State/Province Name (full name) [Some-State]: New York
Locality Name (eg, city) []: Syracuse
Organization Name (eg, company) []: Timothy Boronczyk
OrganizationalUnitName (eg, section) []: .
Common Name (eg, YOUR name) []: www.example.com
Email Address []: mail@example.com

Please enter the following 'extra' attributes to be sent with your certificate request.
A challenge password []: .
An optional company name []: .
When requesting a certificate from the CA, the common name field should be the fully qualified domain name of the web server.
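A check to run on the request before it goes to the CA, as an added example that is not part of the original page: it confirms the request's self-signature, that the request was made with the intended key, and that the common name equals the server's fully qualified domain name. The file names server.key and server.csr, the function names and the sample subject are assumptions, and the sample key is constructed and left unencrypted so nothing prompts for a passphrase.

```bash
# Added example: pre-submission checks on a certificate request (CSR).
# File names, function names and the sample subject are hypothetical.

# Build a constructed key and CSR in directory $1 with common name $2.
# 2048-bit and unencrypted (no -des3) so the sample runs without a prompt.
make_sample_csr() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/ST=New York/L=Syracuse/O=Example Org/CN=$2" 2>/dev/null
}

# Print the commonName from the CSR subject (RFC 2253 form: CN=...,O=...).
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# check_csr CSR KEY FQDN
# Returns 0 if all checks pass, 1 on a bad self-signature,
# 2 if the CSR was not made with KEY, 3 if the CN is not FQDN.
check_csr() {
    local csr="$1" key="$2" fqdn="$3" csr_pub key_pub
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$csr_pub" = "$key_pub" ] || return 2
    [ "$(csr_common_name "$csr")" = "$fqdn" ] || return 3
    return 0
}

# Run the checks once against a constructed sample in a temporary directory.
demo() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    make_sample_csr "$dir" www.example.com || { rm -rf "$dir"; return 1; }
    check_csr "$dir/server.csr" "$dir/server.key" www.example.com || rc=$?
    echo "check_csr exit status: $rc"
    rm -rf "$dir"
}
demo
```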
Sign and install the certificate request with the CA.
Using configuration from /usr/local/ssl/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/CA/private/CA.key: *****
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 100 (0x64)
    Validity
        Not Before: Jun 25 20:37:39 2004 GMT
        Not After : Dec 25 20:37:39 2004 GMT
    Subject:
        countryName = US
        stateOrProvinceName = New York
        localityName = Syracuse
        organizationName = Timothy Boronczyk
        commonName = www.example.org
        emailAddress = mail@example.com
    x509v3 extensions:
        x509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        x509v3 Subject Key Identifier:
            23:7B:59:C2:D6:51:A5:5C:14:44:52:75:F1:D7:8C:03
        x509v3 Authority Key Identifier:
            keyid:49:FF:26:2C:59:57:18:D2:98:00:F5:D2:2D:B9
            DirName:/C=US/ST=New York/L=Syracuse/CN=Timothy Boronczk/emailAddress=mail@example.com
            serial:00

Certificate is to be certified until Dec 25 20:37:39 2004 GMT (183 days).
Sign the certificate? [y/n]: y

1 out of 1 certificate requests certified, commit? [y/n]: y
Write out database with 1 new entries
Data Base Updated
The certificate request must be signed by the CA for it to be valid. Enter the password for the CA's encrypted key, sign the certificate and commit the request.