How to create public/private key pair for web in Linux system?

You can create a certificate on any machine - not neccessarily the same as you will be using it on.

You can create a certificate with openssl:
http://technocage.com/~caskey/openssl/
http://www.openssl.org/docs/HOWTO/certificates.txt

YAST has a built in CA - just use that :)

Then, how to use CA in YaST?

Can show in step-by-step? This is going to be use by tomcat apache.

It looks interesting. let's me read through and get back to you.

Generate a 1024 bit RSA private key

Execute command: “openssl genrsa -out private_key.pem 1024”

$ openssl genrsa -out private_key.pem 1024
Generating RSA private key, 1024 bit long modulus
.............................++++++
................................................................++++++
e is 65537 (0x10001)

Select allOpen in new window

Generating a public key from a private key

Execute command: "openssl rsa -pubout -in private_key.pem -out public_key.pem"

$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key

Select allOpen in new window

A new file is created, public_key.pem, with the public key.

Viewing the key elements

Execute command: "openssl rsa -text -in private_key.pem"

Connect certificate to Aapche2

<VirtualHost hostname.com:443>

        ......

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCACertificateFile /etc/apache2/ssl/cert-bundle.pem
        SSLCertificateFile /etc/apache2/ssl/cert-bundle.pem
        SSLCertificateKeyFile /etc/apache2/ssl/cert-bundle.pem

        <Directory /var/www/sitename/>
                SSLRequireSSL
                ..........

Select allOpen in new window

good