> From: owner-openssl-us...@openssl.org On Behalf Of Zico
> Sent: Friday, 13 May, 2011 06:10
> Hi, is it necessary to generate private from "that server"
> in which I will install SSL certificate? I mean, say, I want to
> install SSL certificate for my www.mysite.com, now, is it necessary
> that, I have to generate private key and csr from that "www.mysite.com"
> server? Or, I can also create private key and CSR from my local machine
> and then apply for crt file from any authorized CA certificate provider?
The latter, as long as you transfer the private key from your machine
to the server along with the certificate from the CA.
You do need to keep *both* machines (keygen and server) secure
and also the transfer process. It's usually a little *simpler*
to generate on the server, so that's what people usually do.
But any process that produces a valid cert C from a CSR for key P,
and puts C and P together on the desired machine, works.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
