Creating the Keys and Certificates for Other Servers

Keys and certificates for other communicating servers must be created if they do not exist. The following procedure describes the key and certificate generation for host linux.course.test.

# openssl genrsa -out /tmp/linux_key.pem 1024

Generating RSA private key, 1024 bit long modulus



e is 65537 (0x10001)

# openssl req -new -key /tmp/linux_key.pem -out /tmp/linux_req.pem

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter '.', the field will be left blank.


Country Name (2 letter code) [GB]:DE

State or Province Name (full name) [Berkshire]:Bavaria

Locality Name (eg, city) [Newbury]:Munich

Organization Name (eg, company) [My Company Ltd]:Trend Micro

Organizational Unit Name (eg, section) []:Global Training

Common Name (eg, your name or your server's host name) []:linux.course.test

Email Address []:<Enter>

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:<Enter>

An optional company name []:<Enter>

After completing this procedure, the /tmp/linux_key.pem file contains the linux.course.test private key in PEM-format. The /tmp/linux_req.pem file contains the unsigned certificate (certificate request) in the PEM-format.