Show TOC

Generating Certificates and KeysLocate this document in the navigation structure


You generate a private key and a certificate request for the Apache Web server. Send this request to your certification authority (CA). When your CA has signed the server certificate you collect it from the CA along with the root certificate. You then store the certificates and the key in the directories beneath <TREX_DIR>/Apache/conf/. Use the cryptography tool OpenSSL to generate the key and certificates.


You have generated the cryptography tool OpenSSL and the corresponding library modSSL ( using a build script (seeProviding Cryptography Software for the Apache Web Server). The generated files are stored in the following directories:

  • Openssl:      .../OpenSSL/bin/openssl
  • modSSL <TREX_DIR>/Apache/libexec/


  1. Navigate to the directory in which the executable file for the cryptography tool OpenSSL is located (.../OpenSSL/bin/).
  2. Generate a private key (RSA private key) for the Apache Web server by entering the following:

    openssl genrsa -des3 -out server.key 1024

  3. Then convert server.key to serveru.key.

    openssl rsa -in server.key -out serveru.key


    If you are using a server.key, the Apache Web server asks you to enter a password every time you start it. Converting server.key to serveru.key avoids this.

  4. Generate a request for your CA to sign the server certificate (Certificate Signing Request (CSR)) with the private key of the Apache Web server by entering the following:

    openssl req -new -key serveru.key -out serveru.csr

  5. Now send the certificate request serveru.csr to your CA to be signed. You receive the certificate serveru.crt from your CA. You use this to configure the Apache Web server.


    You now have the following files:

    • serveru.key      (Private key)
    • serveru.crt      (Server certificate that your CA signed)
    • ca.crt                (Root certificate of the CA)
  6. Copy these files to the following directories:

Storage Locations for Certificates and Keys

Certificate/Key Directory



serveru.crt ca.crt





In the next step you enter the files and paths to their storage locations into the configuration file httpd.conf of the Apache Web server in order to configure the Web server for secure communication with SSL.