Why Apache SSL installation doesn't require public key

[bangshws]

I'm following this tutorial: h t t p: / / w w w.sitepoint.com/securing-apache-2-server-ssl (please go to section "CREATE A LOCAL KEY PAIR")

As you can see, what we need is a certificate and a private key which can be obtained through the following 2 lines:

• openssl genrsa -des3 -out domainname.com.key 1024
• openssl req -new -key domainname.com.key -x509 -out sslname.crt

If you know a bit about public private key infrastructure, you can understand that to read and write messages in an understandable way for both sender and the receiver which are in this case our web browser and the web server, we ought to have a public key and a private key.

So my question is why don't we have to generate a public key for that installation?

[scathefire]

I thought the certificate contained the public key.

Normally when you create a CSR (certificate signing request) you send it to a CA (certificate authority). They sign your CSR and generate your certificate.

The certificate contains public and private key information. The CA verifies to the party in question that the certificate is is indeed still good.

When you generate your own certificate, you are the CA.

[bangshws]

Oh, so my certificate should be used as the public key as well. Ok Thanks for your reply!

[linuxwin2]

domainname.com.key is the private key
and
sslname.crt is the certificate (that contain public key) but it selfsigned

If you want to get a certificate from CA like verisign you must create a request

openssl req -new -key domainname.com.key -out domainname.com.req

And send this file
domainname.com.req

[bangshws]

fantastic! I got it now. Thanks!