Chapter 25. Apache HTTP Secure Server Configuration

on your past experiences, on the experiences of your friends or colleagues, or purely on monetary factors.

Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them.

4. When the CA is satisfied that you are indeed who you claim to be, they provide you with a digital certificate.

5. Install this certificate on your secure server and begin handling secure transactions.

Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key. Refer to Section 25.6, “Generating a Key” for instructions.

25.6. Generating a Key

You must be root to generate a key.

First, use the cd command to change to the /etc/httpd/conf/ directory. Remove the fake key and certificate that were generated during the installation with the following commands:

    rm ssl.key/server.key
    rm ssl.crt/server.crt

Next, create your own random key. Change to the /usr/share/ssl/certs/ directory and type in the following command:

    make genkey

Your system displays a message similar to the following:

    umask 77 ; \
    /usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
    Generating RSA private key, 1024 bit long modulus
    .......++++++
    ................................................................++++++
    e is 65537 (0x10001)
    Enter pass phrase:

You must now enter a passphrase. For security reasons, it should contain at least eight characters, include numbers and/or punctuation, and it should not be a word in a dictionary. Also, remember that your passphrase is case sensitive.

Note

You are required to remember and enter this passphrase every time you start your secure server. If you forget this passphrase, the key must be completely re-generated.

Re-type the passphrase to verify that it is correct.
Once you have typed it in correctly, /etc/httpd/conf/ssl.key/server.key, the file containing your key, is created.

Note that if you do not want to type in a passphrase every time you start your secure server, you must use the following two commands instead of make genkey to create the key.
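
As an added example (not part of the original guide, and not the two commands referred to above), the shell functions below check a key file produced by this procedure: whether its permissions match what the umask 77 in the make genkey output should yield, and whether the PEM file is passphrase-protected. The function names key_mode, key_is_encrypted and audit_key are hypothetical, and the file is assumed to be in PEM format.

```shell
#!/bin/sh
# Added example: audit a PEM private key file such as the server.key
# created in this section. All function names are hypothetical.

# key_mode FILE -> prints the octal permission bits (GNU stat, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_is_encrypted FILE -> exit status 0 if the PEM is passphrase-protected.
# Traditional OpenSSL RSA keys written with -des3 carry a
# "Proc-Type: 4,ENCRYPTED" header; PKCS#8 keys use a
# "BEGIN ENCRYPTED PRIVATE KEY" marker instead.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# audit_key FILE -> prints one finding per line and returns the number of
# problems found (0 = clean; a missing file counts as 1).
audit_key() {
    f=$1
    problems=0
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    mode=$(key_mode "$f")
    case "$mode" in
        [0-7]00) echo "OK: mode $mode (no group/other access)" ;;
        *)       echo "WARN: mode $mode grants group/other access to the key"
                 problems=$((problems + 1)) ;;
    esac
    if key_is_encrypted "$f"; then
        echo "OK: key is passphrase-protected"
    else
        # Expected if the key was deliberately created without a passphrase;
        # file permissions are then the only protection for the key.
        echo "WARN: key is stored unencrypted"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run as root, `audit_key /etc/httpd/conf/ssl.key/server.key` reports on the key created above. A key generated without a passphrase triggers the second warning by design.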