The best way to securely create and hold your private key is to do so on an encrypted drive. That way, only you will have access to the data even if your drive gets lost or stolen.
Why is creating a private key directly on an encrypted drive more secure?
If you stored your private key on a non-encrypted drive, keep in mind that even if you delete the key from the drive, the data will still be accessible through data recovery. The only way to make sure the data is not accessible after you erase it is to write zeros to the drive, which means you will lose any other data stored on that drive in the process.
That's the main reason why you should create your private key directly on an encrypted drive and not move it around. Backups of the key should also be held on an encrypted drive.
To generate your SSL key pair, download and install OpenSSL.
Generating a self-signed certificate:
On a Windows machine, after installing and setting up OpenSSL:
Run cmd
cd C:\OpenSSL-Win32\bin
Change the path after the cd command to your OpenSSL installation path.
openssl genrsa -des3 -out server.key 4096
enter pass phrase for server.key:
Important: enter a password here. Nothing will be displayed on screen as you type, and you will be asked to confirm the password. This password will be used during the next step.
openssl req -config C:\OpenSSL-Win32\bin\cnf\openssl.cnf -new -key server.key -out server.csr
enter pass phrase for server.key:
This is the pass phrase you created at the previous step.
Important: leave the challenge password blank. VirtueMart won't be able to validate the certificate if anything is entered as the challenge password.
Generate the certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
For a certificate with a 2048-bit key, the first command becomes:
openssl genrsa -des3 -out server.key 2048
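Before backing up server.key, it is worth confirming that the pass phrase was really applied to the file. The following is an added example, not part of the original instructions: a small Python check that reads the PEM text and reports whether the private key is encrypted, covering both the traditional layout (Proc-Type / DEK-Info headers) and PKCS#8. The function name key_protection and the sample strings are assumptions made for illustration; the samples are constructed and contain no real key material.

```python
import re
import sys

_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def key_protection(pem_text):
    """Classify the first private key in pem_text as (status, cipher)."""
    for label, body in _PEM_RE.findall(pem_text):
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher is recorded inside the encoded body, not in a header.
            return ("encrypted", "PKCS#8")
        if label.endswith("PRIVATE KEY"):
            # Traditional layout: encryption is announced by Proc-Type / DEK-Info headers.
            headers = dict(l.split(":", 1) for l in body.splitlines() if ":" in l)
            if headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
                cipher = headers.get("DEK-Info", "").split(",")[0].strip()
                return ("encrypted", cipher or "unknown")
            return ("plaintext", None)
    return ("no-key", None)

# Constructed samples: the bodies are placeholder text, not real key material.
SAMPLE_DES3 = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n")
SAMPLE_PKCS8 = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_CLEAR = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_key.py server.key
        with open(sys.argv[1], "r", encoding="ascii", errors="replace") as fh:
            print(sys.argv[1], key_protection(fh.read()))
    else:
        for name in ("SAMPLE_DES3", "SAMPLE_PKCS8", "SAMPLE_CLEAR"):
            print(name, key_protection(globals()[name]))
```

A result of plaintext means the key file is readable by anyone who can open it, so it should be regenerated with a pass phrase rather than copied to a backup.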