-1

I've tried activating an SSL cert. When it asked for the CSR code, I was thinking about generating this code on local machine because I haven't rented my own VPS yet. The thing is, I'm not sure whether or not the CSR code generated on local server is safe.

Is it required to generate this code on the actual server that's going to host the site?

Lewis
  • 109
  • 3

1 Answers1

1

It is not required to generate the CSR on the machine the certificate is going to be used.

Yet, the private key must be transmitted to the machine it is to be used on at some point, securely.

Also, you have to keep the private key private at all times especially while it is on multiple machines, which increases the risk of it being compromised; especially if it's your desktop machine you use for daily browsing.

Tobi Nary
  • 14,302
  • 8
  • 43
  • 58
  • Do you mean that it's not recommended to generate this code somewhere else other than the actual server? – Lewis Mar 30 '16 at 07:40
  • 1
    You may generate the key pair and/or the CSR wherever you like. You just have to keep tha key pair private at all times. Generation of the pair on a local, completely trusted machine might even be useful in case the hardware randomness of the server you rent is compromised. – Tobi Nary Mar 30 '16 at 07:41
  • BTW, is it ok to transfer the code via `openssh`? – Lewis Mar 30 '16 at 07:44
  • 2
    Generally a good idea, as long as the used cipher and key exchage suites are secure. – Tobi Nary Mar 30 '16 at 07:46
  • @Tresdin Adding to SmokeDispenser's comment, you may want to check out [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html). – user Mar 30 '16 at 14:39