...
Generate a password protected private key. This will request a pass phrase.
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

Password protected private key:

    openssl genrsa -des3 -out server.key 1024

If you want additional security you can store the pass phrase in a file. Create a file called 'server.passwd' and add the pass phrase to the file. Then set the file permissions so that the file is only readable by the server process.
Or you can choose to remove the password requirement. In this case the server.passwd file is not needed.

Remove password requirement:

    cp server.key server.key.secure
    openssl rsa -in server.key.secure -out server.key

Sign the certificate with the private key (self signed certificate). First generate a Certificate Signing Request (CSR).
This will prompt with a number of questions. However, please ensure the 'common name' matches the host where your server is going to run.

Generate Certificate Signing Request (CSR):

    openssl req -new -key server.key -out server.csr

Generate the certificate (CRT) by using the CSR and private key.

Sign the certificate. server.crt must be accessible by client and server:

    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Generate the dhparam file. ecflow expects a 1024 bit key.

    openssl dhparam -out dh1024.pem 1024
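
The checks below are an added example, not part of the original page or of ecflow. They verify the files produced by the steps above: that server.crt carries the public key of server.key, that the common name matches the server host, and that the pass phrase file is readable by its owner only. File names come from the page; the function names and the owner-only check on an unencrypted server.key are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names are hypothetical; file names follow the page.

# True when the key file is pass phrase protected (either PEM encoding).
key_is_encrypted() { grep -q ENCRYPTED "$1"; }

# True when only the owner has any permission on the file.
owner_only() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# True when the certificate carries the public key of the private key.
# $3 is an openssl pass phrase source, e.g. file:server.passwd; the empty
# default makes an encrypted key fail instead of prompting.
key_matches_cert() {
    key=$1 crt=$2 passin=${3:-pass:}
    key_pub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Print the certificate's common name.
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Check the files in directory $1 against the expected server host $2.
check_ssl_files() {
    dir=$1 host=$2 rc=0
    if key_is_encrypted "$dir/server.key"; then
        owner_only "$dir/server.passwd" ||
            { echo "server.passwd missing or readable by others"; rc=1; }
        src="file:$dir/server.passwd"
    else
        # Assumption of this example: an unencrypted key should be owner-only.
        owner_only "$dir/server.key" ||
            { echo "unencrypted server.key is accessible by others"; rc=1; }
        src=pass:
    fi
    key_matches_cert "$dir/server.key" "$dir/server.crt" "$src" ||
        { echo "server.crt does not match server.key"; rc=1; }
    [ "$(cert_common_name "$dir/server.crt")" = "$host" ] ||
        { echo "common name does not match $host"; rc=1; }
    return $rc
}
```

Call it as `check_ssl_files <directory> <server host>`; it prints one line per failed check and returns non-zero if any check fails.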
...