...
Generate a password-protected private key. This will request a passphrase. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
Code Block language bash openssl genrsa -des3 -out server.key 1024 # Password protected private key
Additional security. If you want additional security, create a file called 'server.passwd' and add the passphrase to the file. Then set the file permission so that the file is only readable by the server process. Or you can choose to remove the password requirement. In that case, we don't need server.passwd file. code.
Code Block language bash cp server.key server.key.secure openssl rsa -in server.key.secure -out server.key # remove password requirement
Sign a certificate with a private key (self-signed certificate). Generate Certificate Signing Request(CSR). This will prompt a number of questions. However please ensure 'common name' matches the host where your server is going to run.
Code Block language bash openssl req -new -key server.key -out server.csr # Generate Certificate Signing Request(CSR)
Generate a self-signed certificate CRT, by using the CSR and private key
Code Block language bash openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Generate dhparam file. ecFlow expects 1024 2048 key
Code Block language bash openssl dhparam -out dh1024dh2048.pem 10242048