A question about the “localhost.key” and “localhost.crt” files.


OpenSSL - User mailing list
Hello,
I think the “localhost.crt” and “localhost.key” files are used by Apache and they are mandatory for getting an HTTPS certificate. Some tools like "Certbot" need them.
If these files are deleted, then how can I regenerate them? Is the command below OK?

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

I found the "/usr/libexec/httpd-ssl-gencerts" tool. Is it OK too?

Is "localhost" the name of my server? If my server name in the "/etc/hosts" file is "my-example.net", then must these files be named "my-example.net.key" and "my-example.net.crt"?

I would be thankful if anyone could answer my questions clearly.

Thank you.

Re: A question about the “localhost.key” and “localhost.crt” files.

Thomas Dwyer III
The filenames themselves are insignificant. You can name them anything you want. The Apache configuration file(s) contain key/value pairs where SSLCertificateFile specifies the path to the file containing your certificate and SSLCertificateKeyFile specifies the path to the file containing your private key. There is no requirement that these filenames match the name of your server. It sounds to me like you don't understand how certificates work. I suggest you read a certificate tutorial such as this one: http://www.steves-internet-guide.com/ssl-certificates-explained/

Once you understand how certificates work, I suggest reading the Apache documentation available here: https://httpd.apache.org/docs/current/ and, specifically, the documentation for mod_ssl available here: https://httpd.apache.org/docs/current/mod/mod_ssl.html


Regards,
Tom.III



On Fri, Sep 4, 2020 at 3:20 AM Jason Long via openssl-users <[hidden email]> wrote:
Hello,
I think the “localhost.crt” and “localhost.key” files are used by Apache and they are mandatory for getting an HTTPS certificate. Some tools like "Certbot" need them.
If these files are deleted, then how can I regenerate them? Is the command below OK?

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

I found the "/usr/libexec/httpd-ssl-gencerts" tool. Is it OK too?

Is "localhost" the name of my server? If my server name in the "/etc/hosts" file is "my-example.net", then must these files be named "my-example.net.key" and "my-example.net.crt"?

I would be thankful if anyone could answer my questions clearly.

Thank you.
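
Added example, not part of the thread and not either poster's code: it generates a self-signed pair under deliberately unrelated file names and checks that the host name is taken from inside the certificate, and that the key and certificate belong together as SSLCertificateKeyFile and SSLCertificateFile require. The function names, the file names and the temporary directory are assumptions made for the illustration; `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Requires OpenSSL 1.1.1+ for -addext.
set -eu

# Create a self-signed certificate for HOST under arbitrary file names.
# Usage: gen_selfsigned DIR HOST KEYFILE CRTFILE
gen_selfsigned() (
    umask 077   # new files, including the private key, are owner-only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/$3" -out "$1/$4" 2>/dev/null
)

# Succeeds if the certificate is valid for HOST. The check reads the names
# stored inside the certificate, never the file name.
# Usage: cert_matches_host CRT HOST
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds if the private key and the certificate hold the same public key.
# Usage: key_matches_cert KEY CRT
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demo with constructed names: the files are deliberately not named after the host.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
gen_selfsigned "$demo_dir" my-example.net anything.key whatever.crt

if cert_matches_host "$demo_dir/whatever.crt" my-example.net; then
    echo "whatever.crt is valid for my-example.net"
fi
if ! cert_matches_host "$demo_dir/whatever.crt" localhost; then
    echo "whatever.crt is not valid for localhost"
fi
if key_matches_cert "$demo_dir/anything.key" "$demo_dir/whatever.crt"; then
    echo "anything.key belongs to whatever.crt"
fi
```

A self-signed certificate like this one is not trusted by browsers; it only shows where the host name and the key pairing are actually recorded.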