Knowledgebase / FAQ - ip-connect GmbH
Knowledgeroot - Version:
Menü verstecken Menü ausklappen Menü neuladen Menü einklappen
Menü schliessen
  1.    (Zuletzt geändert von rsch an 04.02.2011 22:30:31)


Make sure OpenSSL is really installed and in your PATH. But some commands even work ok when you just run the ``openssl''
program from within the OpenSSL source tree as ``./apps/openssl''.

Schritt 1

Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 2048
(ohne pwd)
$ openssl genrsa -out server.key 2048


Beim Starten fragt der WebServer die KEY-Files ab und wenn wein Passwort bei der Erstellung verwendet wurde, so muss dieses bei jedem Start des Webserver eingegebn werden!

Please backup this server.key file and remember the pass-phrase you had to enter at a secure location.
You can see the details of this RSA private key via the command:
$ openssl rsa -noout -text -in server.key

And you could create a decrypted PEM version (not recommended) of this RSA private key via:
$ openssl rsa -in server.key -out server.key.unsecure

Schritt 2

Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr

Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName",
i.e. when you generate a CSR for a website which will be later accessed via, enter "" here.
You can see the details of this CSR via the command
$ openssl req -noout -text -in server.csr


verschieben [Oben]

  2.Generate a Self-Signed Cert    (Zuletzt geändert von rsch an 27.08.2012 03:57:24)
openssl genrsa -out server.key 2084
openssl req -new -key Server.key -out .server.csr
openssl x509 -req -days 7300 -in .server.csr -signkey server.key -out server.crt

7300 days = 20 Jahre (365*20)

verschieben [Oben]