785.

Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key.

Whether you obtain a certificate from a CA or generate your own self-signed certificate, the first step is to generate the key.

Translated and reviewed by yugu

Located in serverguide/C/security.xml:1351(para)

786.

To generate the <emphasis>keys</emphasis> for the Certificate Signing Request (CSR), run the following command from a terminal prompt:

(no translation yet)

Located in serverguide/C/security.xml:1375(para)

787.

openssl genrsa -des3 -out server.key 1024

(no translation yet)

Located in serverguide/C/security.xml:1381(command)

788.

Generating RSA private key, 1024 bit long modulus
.....................++++++
.................++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for server.key:

(no translation yet)

Located in serverguide/C/security.xml:1384(programlisting)

789.

You can now enter your passphrase. For best security, it should contain at least eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive.

(no translation yet)

Located in serverguide/C/security.xml:1393(para)

790.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the <filename>server.key</filename> file.

(no translation yet)

Located in serverguide/C/security.xml:1401(para)

791.

You can also run your secure service without a passphrase. This is convenient because you will not need to enter the passphrase every time you start your secure service. However, it is highly insecure: a compromise of the key means a compromise of the server as well.

(no translation yet)

Located in serverguide/C/security.xml:1422(para)

792.

In any case, you can choose to run your secure service without a passphrase by leaving out the -des3 switch in the generation phase or by issuing the following command at a terminal prompt:

(no translation yet)

793.

openssl rsa -in server.key -out server.key.insecure

(no translation yet)

Located in serverguide/C/security.xml:1413(command)

794.

Once you run the above command, the insecure key will be stored in the <filename>server.key.insecure</filename> file. You can use this file to generate the CSR without a passphrase.

(no translation yet)

Located in serverguide/C/security.xml:1440(para)