1. Kreiranje potpisnog zahtjeva i privatnog ključa:
    1. Izvedite komandu:

openssl req -config openssl.cnf -new -out MojWeb.csr

C:\Moj dir>openssl req -config openssl.conf -new -out demo-pki.csr

Loading 'screen' into random state - done

Generating a 1024 bit RSA private key

...............++++++

..........................++++++

writing new private key to 'privkey.pem'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) []:HR

State or Province Name (full name) []:

Locality Name (eg, city) []:

Organization Name (eg, company) []:FINA

Organizational Unit Name (eg, section) []:DEMO

Common Name (eg, your websites domain name) []:13429059

Email Address []:

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:bilosto

    1. Po završetku postupka iskreiraju se file privcey.pem što predstavlja privatni ključ servera i MojWeb.csr zahtjev
    2. MojWeb.csr koji izgleda otprilike ovako:

-----BEGIN CERTIFICATE REQUEST-----

MIIBlDCB/gIBADA+MQswCQYDVQQGEwJIUjENMAsGA1UEChMERklOQTENMAsGA1UE

CxMEREVNTzERMA8GA1UEAxMINTM0MjUwNTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A

MIGJAoGBANcHmPNshleKSi1P4OhU5P5ftOF/YPXh35TtqljFHLwi6PshHZxY3UQg

NWoe/5l9APEkPx6x6b2texv/52/sTVgPCk9l9BzspvNHCC6FjOZEBfNEQPPNCmi0

g85cVYwlJx1LCp4j34Q9B+/rsZpwHFwKQZR/Bay1uKcS9yFwiPxHAgMBAAGgFzAV

BgkqhkiG9w0BCQcxCBMGbmphbmphMA0GCSqGSIb3DQEBBAUAA4GBALrVyhYGktq/

QCr7ejS615phlYjHlzJu/Y1gvlGA6G3GaT/mt7ulFjUzN3ABZA1/jwt1I/Tlrcpc

GtGGG3uxGl1RApQyon5DhOcBd9PilOxqIFn0uSq++QZ58nSQaEaU8ngn2KJ0kSWz

cTAbjYrAkR7Pwx1g7ivoUSTK8tlwLGua

-----END CERTIFICATE REQUEST-----

  1. Da bi se ''izvukao'' password iz privcey.pem:
    1. Izvedite komandu:

openssl rsa -in privkey.pem -out MojWeb.key

    1. Važno je da dobiveni file MojWeb.key treba štititi: treba biti čitljiv samo apache serveru i administratoru.
    2. Trebate izbrisati na siguran način .rnd file jer se može koristiti za korumpiranje privatnog ključa vašeg servera.