Hi
Sorry for this folks, but I was writing part 1 of this email, when
Netscape had other ideas and sent it for me half-finished. Huh!
Anyway, I shall continue where I left off.
Firstly, the command to make a private key to either self-sign or get a
CSR for is:
openssl genrsa -rand .rnd -out key.pem 1024
As for the DNS load balancing, then you have all our sharing servers
believe they are the same server, and so they all share a key.
I really do recommend the details about TinySSL's key generation (which
is where I got my example command lines from) @
http://www.ritlabs.com/tinyweb/index.html#getdigitalid.
The mod_ssl site has a quite good explanation of encryption ideas
(chapter 2) at www.modssl.org. The SSLeay FAQ is a bit random but
probably worth reading (http://www2.psy.uq.edu.au/~ftp/Crypto/).
HTH,
Luke
