A private key is required to create an SSL keypair. The following procedure for Windows systems creates a private key file called server.key in the c:\key folder.
Ensure that OpenSSL is stored in
C:\Mapp\OSS\apache\bin\openssl on the SVP. (You do not need to install OpenSSL.) If not, download and install
openssl.exe from
http://www.openssl.org/ to the
C:\openssl folder.
Note: C:\Mapp indicates the installation directory for the storage management software and SVP software. Specify C:\Mapp for the installation directory if another directory is specified for the installation directory.
-
When you install OpenSSL, if the read-only attribute is set, release it from
the c:\openssl folder. (This step is not necessary if you
use OpenSSL on the SVP.)
-
Open a command prompt with administrator permissions.
-
Move the current directory to
the folder to which the key file is output (such as c:\key), and execute
the following command. (The command to
be run differs depending on the key type of the private key to be
created.)
- For RSA
- C:\key>c:\openssl\bin\openssl genrsa -out
server.key key-length
- For ECDSA
- C:\key>c:\openssl\bin\openssl ecparam
-genkey -name key-length -out server.key
For key-length, you can specify either of the following:
- For RSA: 2048, 3072, or 4096
- For ECDSA: prime256v1 (secp256r1), secp384r1, or
secp521r1
- Example command input:
-
When the key type is RSA and the key length
is 2048 bit:
C:\key>c:\openssl\bin\openssl
genrsa -out server.key 2048
-
When the key type is ECDSA and the key length
is 256 bit (secp256r1):
C:\key>c:\openssl\bin\openssl
ecparam -genkey -name prime256v1 -out
server.key