Generating Certificates and Keys

Use

You generate a private key and a certificate request for the Apache Web server. Send this request to your certification authority (CA). When your CA has signed the server certificate you collect it from the CA along with the root certificate. You then store the certificates and the key in the directories beneath <TREX_DIR>/Apache/conf/. Use the cryptography tool OpenSSL to generate the key and certificates.

Prerequisites

You have generated the cryptography tool OpenSSL and the corresponding library modSSL (libssl.so) using a build script (see Providing Cryptography Software for the Apache Web Server). The generated files are stored in the following directories:

  • OpenSSL: .../OpenSSL/bin/openssl

  • modSSL: <TREX_DIR>/Apache/libexec/libssl.so

Procedure
  1. Navigate to the directory in which the executable file for the cryptography tool OpenSSL is located (.../OpenSSL/bin/).

  2. Generate a private key (RSA private key) for the Apache Web server by entering the following:

    openssl genrsa -des3 -out server.key 1024

  3. Then convert server.key to serveru.key:

    openssl rsa -in server.key -out serveru.key

    Note

    If you are using server.key, the Apache Web server asks you to enter a password every time you start it. Converting server.key to serveru.key avoids this because serveru.key is stored without a passphrase.

  4. Generate a request for your CA to sign the server certificate (Certificate Signing Request (CSR)) with the private key of the Apache Web server by entering the following:

    openssl req -new -key serveru.key -out serveru.csr

  5. Now send the certificate request serveru.csr to your CA to be signed. You receive the certificate serveru.crt from your CA. You use this to configure the Apache Web server.

    Result

    You now have the following files:

    • serveru.key (private key)

    • serveru.crt (server certificate that your CA signed)

    • ca.crt (CA root certificate)

  6. Copy these files to the following directories:

    Certificate/Key        Directory
    serveru.key            <TREX_DIR>/Apache/conf/ssl.key
    serveru.crt, ca.crt    <TREX_DIR>/Apache/conf/ssl.crt
    serveru.csr            <TREX_DIR>/Apache/conf/ssl.csr

Result

In the next step you enter the files and paths to their storage locations into the configuration file httpd.conf of the Apache Web server in order to configure the Web server for secure communication with SSL.
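
Before you enter these paths in httpd.conf, you can check that the files belong together and that the passphrase-free serveru.key is readable only by its owner. The following script is an added example, not part of the original documentation; the function names and the owner-only permissions are assumptions of this example, and it expects openssl on the PATH.

```sh
#!/bin/sh
# Added example (not from the original documentation): check the files from
# the procedure, then copy them beneath the Apache conf directory.
# Function names and the owner-only permissions are assumptions.

# Print "Modulus=<hex>" for a key (rsa), certificate (x509) or CSR (req).
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
modulus() {
    case $1 in
        rsa) openssl rsa -in "$2" -passin pass: -noout -modulus ;;
        *)   openssl "$1" -in "$2" -noout -modulus ;;
    esac 2>/dev/null
}

# Succeed only if key $1 and the x509/req object $3 (type $2) share a modulus.
same_key() {
    k=$(modulus rsa "$1") || return 1
    c=$(modulus "$2" "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# $1 = directory holding the four files, $2 = <TREX_DIR>/Apache/conf
install_tls_files() {
    src=$1; conf=$2
    same_key "$src/serveru.key" req "$src/serveru.csr" ||
        { echo "serveru.csr was not made from serveru.key" >&2; return 1; }
    same_key "$src/serveru.key" x509 "$src/serveru.crt" ||
        { echo "serveru.crt does not match serveru.key" >&2; return 1; }
    openssl verify -CAfile "$src/ca.crt" "$src/serveru.crt" >/dev/null 2>&1 ||
        { echo "serveru.crt does not chain to ca.crt" >&2; return 1; }
    mkdir -p "$conf/ssl.key" "$conf/ssl.crt" "$conf/ssl.csr" || return 1
    # serveru.key has no passphrase, so file permissions are its only protection.
    chmod 700 "$conf/ssl.key" || return 1
    ( umask 077 && cp "$src/serveru.key" "$conf/ssl.key/" ) || return 1
    chmod 600 "$conf/ssl.key/serveru.key" || return 1
    cp "$src/serveru.crt" "$src/ca.crt" "$conf/ssl.crt/" || return 1
    cp "$src/serveru.csr" "$conf/ssl.csr/"
}

# Usage: sh install_tls.sh <source-dir> <TREX_DIR>/Apache/conf
if [ "$#" -eq 2 ]; then
    install_tls_files "$1" "$2"
fi
```

The script stops before copying anything if the certificate or CSR was created from a different key, or if serveru.crt does not verify against ca.crt.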