Frequently Asked Questions

Create private key

Updated Time:2022-03-08  Views:38256

The encryption algorithm and length requirements of your private key for the SSL certificate service of this site are as follows.

1. The encryption algorithm uses the RSA algorithm

2. The encryption length is at least 2,048 bits

You can create your private key in the following two ways.

Create private key using OpenSSL

Step 1: You can download the latest OpenSSL installation package from the OpenSSL official website.

Note: OpenSSL version must be 1.0.1g or above.

Step 2: After installing the OpenSSL, run openssl genrsa -out myprivate.pem 2048 in command line mode to create  your private key file. The created private key file name is myprivate.pem, and the encrypted length is 2,048.

 

Create and export private key using Keytool

Keytool is a key management tool that comes with the JDK. It can create certificate files in Keystore (jks) format. You can download the JDK toolkit from the official address to obtain Keytool.

Since the public key and private key created with Keytool cannot be exported by default, you need to export the private key from the .keystore file that has been created. For how to export the private key from the .keystore file, see Certificate Format Conversion.

In the exported file, the following section is your private key:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

or

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

Note: No matter which method you use to create the key, please keep your private key file in a safe place. Once the private key file is lost or damaged, the corresponding public key and digital certificate you applied for will be unavailable.