Re: A question about the “localhost.key” and “localhost.crt” files.

Thomas Dwyer III tomiii at tomiii.com
Fri Sep 4 16:06:35 UTC 2020


The filenames themselves are insignificant. You can name them anything you
want. The apache configuration file(s) contain key/value pairs where
SSLCertificateFile specifies the path to the file containing your
certificate and SSLCertificateKeyFile specifies the path to the file
containing your private key. There is no requirement that these filenames
match the name of your server. It sounds to me like you don't understand
how certificates work. I suggest you read a certificate tutorial such as
this one: http://www.steves-internet-guide.com/ssl-certificates-explained/

Once you understand how certificates work, I suggest reading the apache
documentation available here: https://httpd.apache.org/docs/current/ and,
specifically, the documentation for mod_ssl available here:
https://httpd.apache.org/docs/current/mod/mod_ssl.html


Regards,
Tom.III



On Fri, Sep 4, 2020 at 3:20 AM Jason Long via openssl-users <
openssl-users at openssl.org> wrote:

> Hello,
> I think “localhost.crt” and “localhost.key” files using by Apache and they
> are mandatory for get a HTTPS certificate. Some tools like "Certbot" need
> them.
> If these files deleted then how can I regenerate them? Is below command OK?
>
> # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
> /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt
>
> I found "/usr/libexec/httpd-ssl-gencerts" tool. Is it OK too?
>
> The "localhost" is the name of my server? If my server name in
> "/etc/hosts" file is "my-example.net" then these files name must be
> "my-example.net.key" and "my-example.net.crt" ?
>
> I'm thankful if anyone answer to my questions clearly.
>
> Thank you.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200904/bb4c8eb2/attachment.html>


More information about the openssl-users mailing list