Re: Question about private key



On Tue, 2013-02-19 at 13:57 -0600, Jim Campbell wrote:
> Thanks for the explanation, Stef. I was more accustomed to Private
> Keys in the sense of an SSH public/private key, and I didn't
> understand how creating a private key would help me get a certificate.

You create a private key, always.

Then for the private key you create a signing request, also known as a
CSR.

Some tools make the above two steps one step.

Then you send the CSR [not the private key] to a Certificate Authority.

They generate a certificate using their signing certificate and your
CSR, then they send that certificate back to you.

Your server has the private key you started with AND the certificate
they send back to you - it *must* have both.  Obviously you never share
the private key; if your private key gets shared then your security is
broken and you need to generate a new key, CSR, have it signed, etc.

This is how SSL provides identification.

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
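
The steps described in the message above, run end to end with the openssl command line; this is an added example, not part of the original post. The throwaway local CA standing in for a real Certificate Authority, the name www.example.test, and all file and function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration of the key -> CSR -> certificate flow using openssl.
# "Example Test CA" and www.example.test are constructed values.
set -eu

# Steps 1-2, on your server: private key, then a CSR made from it.
make_server_key_and_csr() {
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  chmod 600 "$1/server.key"                      # the key stays here
  openssl req -new -key "$1/server.key" -subj "/CN=www.example.test" \
    -out "$1/server.csr"
}

# Stand-in for the Certificate Authority's own signing key and certificate.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Steps 3-4, at the CA: input is the CSR only, output is the certificate.
ca_sign_csr() {
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

pub_of_key()  { openssl pkey -in "$1" -pubout; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# The server needs both files, and they must carry the same public key.
key_matches_cert() { [ "$(pub_of_key "$1")" = "$(pub_of_cert "$2")" ]; }

demo() {
  d=$(mktemp -d)
  make_server_key_and_csr "$d"; make_test_ca "$d"; ca_sign_csr "$d"
  grep -q "PRIVATE KEY" "$d/server.csr" || echo "CSR holds no private key"
  openssl verify -CAfile "$d/ca.crt" "$d/server.crt"
  key_matches_cert "$d/server.key" "$d/server.crt" && echo "key matches cert"
  # After a key compromise: a fresh key does not fit the old certificate,
  # so a new CSR and a newly signed certificate are required.
  openssl genrsa -out "$d/new.key" 2048 2>/dev/null
  key_matches_cert "$d/new.key" "$d/server.crt" || echo "new key needs new cert"
  rm -rf "$d"
}
demo
```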


