Generate 2048 bit key CSR OpenSSL

Tags: April 28, 2012 4:40 PM

Pihak issuer SSL certificate saat ini umumnya meminta Certificate Signing Request (CSR) 2048 bit karena key dengan 1024 sudah dapat "dicrack" dengan kemampuan mesin komputer terbaru. Selain itu dalam proses pembuatan CSR anda diminta untuk tidak memasukkan alamat email dan challenge password.

# openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
Generating a 2048 bit RSA private key
..................................+++
......................................................................................................................+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Jawa Timur
Locality Name (eg, city) []:Surabaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Ludruk Surabaya
Organizational Unit Name (eg, section) []:Lawakan
Common Name (eg, YOUR name) []:example.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Setelah perintah diatas maka akan terbentuk dua file yaitu example.com.key dan example.com.csr. File .csr inilah yang dikirim ke pihak penerbit SSL certificate.

Share on Facebook Twitter

0 comments:

Post a Comment