Creating a private key using the OpenSSL command

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

A private key is required to create an SSL keypair. The following procedure for Windows systems creates a private key file called server.key in the c:\key folder.

Ensure that OpenSSL is stored in C:\Mapp\OSS\apache\bin\openssl on the SVP. (You do not need to install OpenSSL.) If not, download and install openssl.exe from http://www.openssl.org/ to the C:\openssl folder.
Note: C:\Mapp indicates the installation directory for the storage management software and SVP software. Specify C:\Mapp for the installation directory if another directory is specified for the installation directory.
  1. When you install OpenSSL, if the read-only attribute is set, release it from the c:\openssl folder. (This step is not necessary if you use OpenSSL on the SVP.)
  2. Open a command prompt with administrator permissions.
  3. Move the current directory to the folder to which the key file is output (such as c:\key), and execute the following command. (The command to be run differs depending on the key type of the private key to be created.)
    For RSA
    C:\key>c:\openssl\bin\openssl genrsa -out server.key key-length
    For ECDSA
    C:\key>c:\openssl\bin\openssl ecparam -genkey -name key-length -out server.key

    For key-length, you can specify either of the following:

    For RSA: 2048, 3072, or 4096
    For ECDSA: prime256v1 (secp256r1), secp384r1, or secp521r1
    Example command input:
    • When the key type is RSA and the key length is 2048 bit:

      C:\key>c:\openssl\bin\openssl genrsa -out server.key 2048

    • When the key type is ECDSA and the key length is 256 bit (secp256r1):

      C:\key>c:\openssl\bin\openssl ecparam -genkey -name prime256v1 -out server.key