On a related note, I’m going to create a self-signed key so I can test
https support with nginx and my deployment. I read somewhere that care
should be taken when deciding to assign a passphrase, because some
applications may require you to enter the passphrase upon
initialization. Would that be the case with nginx?
Also I’m a bit confused about the key gen process (having never done
this before under Linux). I’ve found the various openssl commands to
generate the key, but its unclear as to which openssl command generates
the file that should be used for ssl_certificate, and which command
should be used to generate the file for ssl_certificate_key.
For instance I found this for generating a self-signed key for testing:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
That looks easy enough. The server.crt goes to the ssl_certificate and
server.key goes to ssl_certificate_key.
But it gets a bit confusing when I look 's instructions for creating
keys to be signed by a real certificate authority. This is what I’ve
pieced together:
openssl genrsa -out /whatever/domain-name.com.key 1024
openssl req -new -key /whatever/domain-name.com.key -out
/whatever/domain-name.com.key.csr
So in that case I would use domain-name.com.key.csr for the
ssl_certificate, and I’d use the file I get back from the certificate
authority as the value for ssl_certificate_key? Do I have this right?
Thanks!
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ