LinuxQuestions.org


bangshws 10-17-2011 06:18 AM

Can someone explain a bit about these ssl prompts?
 
Hi guys,
My knowledge about SSL is quite limited, except for the fact that I know we have a private key and a public key. But I'm not very sure about CA certificates and things like that. My question is: can you please explain how those things are used in the following:
Quote:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 # has prompts

What is a private key, a public key and things like that?

Thanks,

smallpond 10-17-2011 04:20 PM

Quote:

Originally Posted by bangshws (Post 4500419)
Hi guys,
My knowledge about SSL is quite limited, except for the fact that I know we have a private key and a public key. But I'm not very sure about CA certificates and things like that. My question is: can you please explain how those things are used in the following:

What is a private key, a public key and things like that?

Code:

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 1024 > smtpd.key

These 3 steps created a private RSA-style key. Creating the empty file with 600 permission first makes sure there is no time where anybody else could see the key. The private key is just a file that has one interesting property -- from the private key it is easy to generate another file called a public key, but from the public key it is nearly impossible to generate the private key.

The other commands extract the public key from the private key and create a self-signed certificate digest with it. A certificate is just a document that claims certain authority. The only proof that the certificate is valid is that it contains a digest that is signed with a key. Only someone with access to the private key (we hope) could have created that certificate.
Certificates signed by a certificate authority (CA) should be trusted to the same extent that you trust any large corporation.

Normally, both the text of the certificate and the digest are concatenated in the cert file.
For examples, look in /etc/ssl/certs
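
The steps discussed in this thread, as an added example that is not part of either post: it creates the key owner-only from the start, derives the public key from it, builds a self-signed certificate without prompts, and checks that the certificate carries that key and verifies against itself. The file names, the `mail.example.test` CN, the 365-day lifetime and the 2048-bit key size (rather than the thread's 1024) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names, the CN and the 2048-bit
# key size are assumptions chosen for the demonstration.

make_key() {            # $1 = private key path
    # umask 077 in a subshell: the file is created owner-only (0600) from the
    # start, the same goal as the touch + chmod 600 steps in the thread.
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
}

key_mode() {            # print the permission string, e.g. -rw-------
    ls -l "$1" | cut -c1-10
}

pub_from_key() {        # derive the public key (PEM) from the private key
    openssl rsa -in "$1" -pubout 2>/dev/null
}

make_self_signed() {    # $1 = private key, $2 = certificate to write
    # -subj answers the interactive prompts; the CN is a placeholder.
    openssl req -new -x509 -key "$1" -days 365 \
        -subj "/CN=mail.example.test" -out "$2"
}

pub_from_cert() {       # print the public key embedded in the certificate
    openssl x509 -in "$1" -noout -pubkey
}

cert_matches_key() {    # $1 = private key, $2 = certificate
    [ "$(pub_from_key "$1")" = "$(pub_from_cert "$2")" ]
}

is_self_signed() {      # signature verifies with the cert's own public key
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_key "$d/smtpd.key" && make_self_signed "$d/smtpd.key" "$d/smtpd.crt" || return 1
    echo "key permissions: $(key_mode "$d/smtpd.key")"
    cert_matches_key "$d/smtpd.key" "$d/smtpd.crt" && echo "cert carries this key's public half"
    is_self_signed "$d/smtpd.crt" && echo "cert verifies against itself (self-signed)"
    openssl x509 -in "$d/smtpd.crt" -noout -subject -issuer -dates
    rm -rf "$d"
}
demo
```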

