{"id":52866,"date":"2025-10-01T04:55:01","date_gmt":"2025-10-01T01:55:01","guid":{"rendered":"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/"},"modified":"2025-10-01T04:55:02","modified_gmt":"2025-10-01T01:55:02","slug":"how-to-configure-rsa-step-by-step","status":"publish","type":"post","link":"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/","title":{"rendered":"How to Configure Rsa Step by Step"},"content":{"rendered":"<p><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Overview_what_configuring_RSA_means_and_when_to_do_it\" >Overview: what configuring RSA means and when to do it<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#What_you_need_before_starting\" >What you need before starting<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_1_Generate_an_RSA_key_pair_SSH-focused\" >Step 1 , Generate an RSA key pair (SSH-focused)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#SSH_agent_and_adding_the_key\" >SSH agent and adding the key<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_2_Install_the_public_key_on_the_server_SSH\" >Step 2 , Install the public key on the server (SSH)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_3_Configure_the_SSH_server\" >Step 3 , Configure the SSH server<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_4_Generate_RSA_private_key_and_CSR_for_TLSHTTPS_OpenSSL\" >Step 4 , Generate RSA private key and CSR for TLS\/HTTPS (OpenSSL)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Install_the_certificate_in_web_servers\" >Install the certificate in web servers<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_5_Convert_key_formats_and_import_into_keystores\" >Step 5 , Convert key formats and import into keystores<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Step_6_Key_management_rotation_and_security_practices\" >Step 6 , Key management, rotation and security practices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Troubleshooting_common_issues\" >Troubleshooting common issues<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#Summary\" >Summary<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#frequently_asked_questions\" >frequently asked questions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#1_What_RSA_key_size_should_I_use\" >1. What RSA key size should I use?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#2_Can_I_use_the_same_RSA_key_for_SSH_and_TLS\" >2. Can I use the same RSA key for SSH and TLS?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#3_How_do_I_protect_my_RSA_private_key\" >3. How do I protect my RSA private key?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#4_My_ssh_key_is_ignored_What_should_I_check\" >4. My ssh key is ignored. What should I check?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-rsa-step-by-step\/#5_How_do_I_convert_an_OpenSSL_private_key_for_Java\" >5. How do I convert an OpenSSL private key for Java?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Overview_what_configuring_RSA_means_and_when_to_do_it\"><\/span>Overview: what configuring RSA means and when to do it<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    RSA configuration usually refers to generating and installing RSA key pairs for authentication or encryption: <a href=\"https:\/\/www.a2hosting.com\/kb\/getting-started-guide\/accessing-your-account\/using-ssh-secure-shell\/\" target=\"_blank\" rel=\"noopener\">ssh<\/a> public-key logins, <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-tls\" target=\"_blank\" rel=\"noopener\">tls<\/a>\/<a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-ssl\" target=\"_blank\" rel=\"noopener\">https<\/a> certificates, or application keystores. The same basic steps repeat in each context , create <a href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-2fa-step-by-step\/\">a<\/a> private key, derive a public key or CSR, install the public material where it is trusted, and lock down the private key. The examples below use <a href=\"https:\/\/hostadvice.com\/how-to\/web-hosting\/windows\/how-to-install-an-openssh-server-client-on-a-windows-2016-server\/\" target=\"_blank\" rel=\"noopener\">openssh<\/a>, OpenSSL, and common server software so you can follow along on <a href=\"https:\/\/www.hostinger.com\/tutorials\/linux-commands\" target=\"_blank\" rel=\"noopener\">linux<\/a> and similar systems; Windows-specific notes <a href=\"https:\/\/support.hostinger.com\/en\/articles\/6448761-website-builder-how-to-make-a-website-appear-on-google\" target=\"_blank\" rel=\"noopener\">appear<\/a> where helpful.\n  <\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_you_need_before_starting\"><\/span>What you need before starting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    You need command-line access on the client that will hold the private key and administrative access to any server where you will install the public key or certificate. Common tools are <a href=\"https:\/\/www.hostinger.com\/tutorials\/ssh\/how-to-set-up-ssh-keys\" target=\"_blank\" rel=\"noopener\">ssh-keygen<\/a> (OpenSSH), <a href=\"https:\/\/www.a2hosting.com\/kb\/getting-started-guide\/accessing-your-account\/using-ssh-secure-shell\/\" target=\"_blank\" rel=\"noopener\">ssh<\/a>-agent\/ssh-add, OpenSSL, and utilities like puttygen or keytool for Windows\/Java workflows. Decide a target key size (2048 bits minimum; 3072 or 4096 recommended for RSA) and whether you\u2019ll protect the private key with a passphrase or store it in a hardware module or secrets manager.\n  <\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_1_Generate_an_RSA_key_pair_SSH-focused\"><\/span>Step 1 , Generate an RSA key pair (SSH-focused)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    For SSH logins, generate a new RSA key pair with ssh-keygen. Modern OpenSSH offers options to make the private key format more secure against brute-force attempts and to use a stronger KDF. The command below produces a 4096-bit RSA private key and a matching public key. Use a descriptive comment so you can identify the key later.\n  <\/p>\n<p><\/p>\n<pre><code>ssh-keygen -t rsa -b 4096 -C \"your_email@example.com\" -f ~\/.ssh\/id_rsa -o -a 100<\/code><\/pre>\n<p><\/p>\n<p>\n    When prompted, supply a strong passphrase if you want an extra layer of protection. The private key will be in ~\/.ssh\/id_rsa and the public key in ~\/.ssh\/id_rsa.pub.\n  <\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSH_agent_and_adding_the_key\"><\/span>SSH agent and adding the key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    To use the key without entering the passphrase every time, add <a href=\"https:\/\/support.hostinger.com\/en\/articles\/1863967-how-to-point-a-domain-to-hostinger\" target=\"_blank\" rel=\"noopener\">it to<\/a> ssh-agent (only do this on a trusted machine):\n  <\/p>\n<p><\/p>\n<pre><code>eval \"$(ssh-agent -s)\"<br \/>\nssh-add ~\/.ssh\/id_rsa<\/code><\/pre>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_2_Install_the_public_key_on_the_server_SSH\"><\/span>Step 2 , Install the public key on the server (SSH)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    On the server, create the .ssh directory if needed and append your public key to authorized_keys. Correct permissions are critical , SSH rejects keys when permissions are too open.\n  <\/p>\n<p><\/p>\n<pre><code>mkdir -p ~\/.ssh<br \/>\nchmod 700 ~\/.ssh<br \/>\ncat \/path\/to\/id_rsa.pub >> ~\/.ssh\/authorized_keys<br \/>\nchmod 600 ~\/.ssh\/authorized_keys<br \/>\nchown -R $USER:$USER ~\/.ssh<\/code><\/pre>\n<p><\/p>\n<p>\n    If you manage multiple users or automated accounts, place keys in the target user&#8217;s ~\/.ssh\/authorized_keys and confirm ownership matches that user.\n  <\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_3_Configure_the_SSH_server\"><\/span>Step 3 , Configure the SSH server<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    Edit \/etc\/ssh\/sshd_config to enable public key authentication and set related options. Typical settings are shown below. After editing, restart or reload the SSH daemon.\n  <\/p>\n<p><\/p>\n<pre><code># \/etc\/ssh\/sshd_config<br \/>\nPubkeyAuthentication yes<br \/>\nAuthorizedKeysFile .ssh\/authorized_keys<br \/>\nPasswordAuthentication no    # optional: disable password logins for better security<br \/>\nPermitRootLogin prohibit-password<\/code><\/pre>\n<p><\/p>\n<p>\n    Restart SSH (<a href=\"https:\/\/www.hostinger.com\/tutorials\/linux-commands\" target=\"_blank\" rel=\"noopener\">commands<\/a> vary by distro):\n  <\/p>\n<p><\/p>\n<pre><code><a href=\"https:\/\/www.hostinger.com\/tutorials\/sudo-and-the-sudoers-file\/\" target=\"_blank\" rel=\"noopener\">sudo<\/a> systemctl restart sshd<\/code><\/pre>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_4_Generate_RSA_private_key_and_CSR_for_TLSHTTPS_OpenSSL\"><\/span>Step 4 , Generate RSA private key and CSR for TLS\/HTTPS (OpenSSL)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    For web servers or services that require an X.509 certificate, create an RSA private key and a certificate signing request (CSR). Use OpenSSL to generate a 4096-bit private key and CSR:\n  <\/p>\n<p><\/p>\n<pre><code>openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:4096<br \/>\nopenssl req -new -key server.key -out server.csr<\/code><\/pre>\n<p><\/p>\n<p>\n    You will be prompted for subject fields (Common <a href=\"https:\/\/www.hostinger.com\/domain-name-search\" target=\"_blank\" rel=\"noopener\">name<\/a>\/Organization). Submit the CSR to a certificate authority (CA) or sign it yourself for internal use. To create a self-signed certificate for testing:\n  <\/p>\n<p><\/p>\n<pre><code>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<\/code><\/pre>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Install_the_certificate_in_web_servers\"><\/span>Install the certificate in web servers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    For <a href=\"https:\/\/www.a2hosting.com\/kb\/developer-corner\/nginx-web-server\/installing-the-nginx-web-server\/\" target=\"_blank\" rel=\"noopener\">nginx<\/a>:\n  <\/p>\n<p><\/p>\n<pre><code>server {<br \/>\n    listen 443 <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-ssl\" target=\"_blank\" rel=\"noopener\">ssl<\/a>;<br \/>\n    ssl_certificate \/etc\/ssl\/certs\/server.crt;<br \/>\n    ssl_certificate_key \/etc\/ssl\/private\/server.key;<br \/>\n    ...<br \/>\n}<\/code><\/pre>\n<p><\/p>\n<p>\n    For <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-apache\" target=\"_blank\" rel=\"noopener\">apache<\/a>:\n  <\/p>\n<p><\/p>\n<pre><code>&lt;VirtualHost *:443&gt;<br \/>\n    SSLEngine on<br \/>\n    SSLCertificateFile \/etc\/ssl\/certs\/server.crt<br \/>\n    SSLCertificateKeyFile \/etc\/ssl\/private\/server.key<br \/>\n&lt;\/VirtualHost&gt;<\/code><\/pre>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_5_Convert_key_formats_and_import_into_keystores\"><\/span>Step 5 , Convert key <a href=\"https:\/\/www.hostinger.com\/tutorials\/best-image-formats\" target=\"_blank\" rel=\"noopener\">formats<\/a> and import into keystores<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    Applications sometimes need keys in PKCS#12 or JKS formats. Convert a PEM private key and certificate into a PKCS#12 bundle, then import into a Java keystore if required:\n  <\/p>\n<p><\/p>\n<pre><code>openssl pkcs12 -export -out cert.p12 -inkey server.key -in server.crt -certfile chain.pem<br \/>\nkeytool -importkeystore -destkeystore keystore.jks -srckeystore cert.p12 -srcstoretype PKCS12<\/code><\/pre>\n<p><\/p>\n<p>\n    For <a href=\"https:\/\/www.hostinger.com\/tutorials\/how-to-use-putty-ssh\" target=\"_blank\" rel=\"noopener\">putty<\/a> on Windows, convert OpenSSH keys to PuTTY\u2019s PPK format with puttygen:\n  <\/p>\n<p><\/p>\n<pre><code>puttygen id_rsa -o id_rsa.ppk<\/code><\/pre>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Step_6_Key_management_rotation_and_security_practices\"><\/span>Step 6 , Key management, rotation and security practices<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    Treat private keys as sensitive secrets: store backups in an encrypted location, use hardware-backed keys or a secrets manager when possible, and rotate keys on a regular schedule. Set strict filesystem permissions (typically 600 for private keys), avoid copying private keys to shared or unsecured systems, and revoke any associated public credentials when a private key is compromised.\n  <\/p>\n<p><\/p>\n<p>\n    Choose key sizes and algorithms carefully. RSA 2048 is a common minimum, but 3072 or 4096 increases future-proofing. For new SSH deployments consider modern alternatives such as Ed25519 for better performance and smaller keys; however, RSA remains necessary when compatibility with older systems or specific certificate formats is required.\n  <\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Troubleshooting_common_issues\"><\/span>Troubleshooting common issues<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    If SSH rejects your key, check permissions on the client and server (~\/.ssh and authorized_keys), ensure the public key is exactly intact (no line breaks added), and verify sshd_config settings. Use verbose SSH output to diagnose connection problems:\n  <\/p>\n<p><!--KB_CAT_BLOCK--><\/p>\n<figure class=\"kb-cat-placeholder\" style=\"margin:1.75rem 0;display:block;\">\n<div class=\"kb-cat-wrap\" style=\"position:relative; overflow:hidden; border-radius:12px; box-shadow:0 10px 36px rgba(0,0,0,0.14);\"><img src=\"https:\/\/infinitydomainhosting.com\/kb\/assets\/img\/cat-default.webp\" alt=\"How to Configure Rsa Step by Step\" loading=\"lazy\" decoding=\"async\" style=\"max-width:100%;height:auto;display:block;border-radius:12px;box-shadow:0 8px 28px rgba(0,0,0,0.12);\" \/><\/p>\n<div class=\"kb-cat-gradient\" style=\"position:absolute; inset:0; background:linear-gradient(180deg, rgba(9,23,60,0.66) 0%, rgba(11,30,70,0.45) 40%, rgba(11,30,70,0.15) 100%);\"><\/div>\n<div class=\"kb-cat-textbox\" style=\"position:absolute; inset:auto 5% 7% 5%; color:#fff; text-align:center; display:flex; flex-direction:column; gap:.4rem; align-items:center; justify-content:flex-end;\">\n<div class=\"kb-cat-title\" style=\"font-weight:800; font-size:clamp(20px,3.6vw,34px); line-height:1.2; letter-spacing:.2px; text-shadow:0 1px 2px rgba(0,0,0,.35);\">How to Configure Rsa Step by Step<\/div>\n<div class=\"kb-cat-meta\" style=\"opacity:1; font-weight:600; font-size:clamp(13px,2.6vw,16px); line-height:1.45; text-shadow:0 1px 2px rgba(0,0,0,.28);\">Overview: what configuring RSA means and when to do it RSA configuration usually refers to generating and installing RSA key pairs for authentication or encryption: ssh public-key logins, tls\/https certificates,\u2026<\/div>\n<div class=\"kb-cat-desc\" style=\"opacity:1; font-weight:500; font-size:clamp(12px,2.4vw,15px); line-height:1.5; max-width:900px; text-wrap:balance; text-shadow:0 1px 2px rgba(0,0,0,.25);\">AI<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p><\/p>\n<pre><code>ssh -v user@<a href=\"https:\/\/www.a2hosting.com\/\" target=\"_blank\" rel=\"noopener\">host<\/a><\/code><\/pre>\n<p><\/p>\n<p>\n    For TLS problems, <a href=\"https:\/\/support.hostinger.com\/en\/articles\/2152545-how-to-inspect-website-elements-in-your-browser\" target=\"_blank\" rel=\"noopener\">inspect<\/a> the certificate chain and private key with OpenSSL:\n  <\/p>\n<p><\/p>\n<pre><code>openssl x509 -in server.crt -text -noout<br \/>\nopenssl rsa -in server.key -check<\/code><\/pre>\n<p><\/p>\n<p>\n    Also use s_client to test the server\u2019s presented certificates:\n  <\/p>\n<p><\/p>\n<pre><code>openssl s_client -connect example.com:443 -showcerts<\/code><\/pre>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>\n    Configuring RSA involves creating a secure private key, deriving or requesting the public material, installing the public key or certificate where it is needed, and protecting the private key with adequate permissions, passphrases, or hardware. For SSH you generate keys with ssh-keygen and put the public key into authorized_keys; for TLS you generate a private key and CSR with OpenSSL and install the signed certificate in your server. Always follow key management best practices: use appropriate key sizes, protect private keys, rotate regularly, and use strong passphrases or hardware-backed storage when possible.\n  <\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"frequently_asked_questions\"><\/span><a href=\"https:\/\/www.a2hosting.com\/blog\/create-an-faq-page\/\" target=\"_blank\" rel=\"noopener\">frequently asked questions<\/a><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_What_RSA_key_size_should_I_use\"><\/span>1. What RSA key size should I use?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    Use at least 2048 bits for current compatibility, but 3072 or 4096 bits provides stronger security and better future-proofing. For new <a href=\"https:\/\/www.hostinger.com\/tutorials\/ssh\/how-to-set-up-ssh-keys\" target=\"_blank\" rel=\"noopener\">ssh keys<\/a> consider elliptic-curve keys like Ed25519 for better efficiency, though RSA remains common for certificate-based systems.\n  <\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"2_Can_I_use_the_same_RSA_key_for_SSH_and_TLS\"><\/span>2. Can I use the same RSA key for SSH and TLS?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    Technically you can reuse the same RSA private key across services, but it\u2019s not recommended. Reusing keys increases impact if the key is compromised. Use separate keys for different services and keep TLS private keys within server boundaries or <a href=\"https:\/\/www.a2hosting.com\/dedicated-server-hosting\/\" target=\"_blank\" rel=\"noopener\">dedicated<\/a> security modules.\n  <\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"3_How_do_I_protect_my_RSA_private_key\"><\/span>3. How do I protect my RSA private key?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    Protect the file with strict filesystem permissions (600), encrypt it with a strong passphrase, store it in a hardware security module or a secrets manager, and limit copies. Regularly audit access and rotate keys when personnel or system access changes.\n  <\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_My_ssh_key_is_ignored_What_should_I_check\"><\/span>4. My <a href=\"https:\/\/www.hostinger.com\/tutorials\/ssh\/how-to-set-up-ssh-keys\" target=\"_blank\" rel=\"noopener\">ssh key<\/a> is ignored. What should I check?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    Verify file permissions for ~\/.ssh and authorized_keys, ensure the public key is complete and on one line, confirm sshd_config allows public-key authentication, and test with ssh -v to see which key the client is offering and why the server might reject it.\n  <\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"5_How_do_I_convert_an_OpenSSL_private_key_for_Java\"><\/span>5. How do I convert an OpenSSL private key for Java?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>\n    Convert the PEM key and certificate to a PKCS#12 file with openssl pkcs12 -export, then import that PKCS#12 into a Java keystore with keytool -importkeystore. This preserves the private key and certificate in a format Java applications can use.\n  <\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview: what configuring RSA means and when to do it RSA configuration usually refers to generating and installing RSA key pairs for&hellip;<\/p>\n","protected":false},"author":1,"featured_media":52867,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[8,9405,9,4594,3,10,4,11,88],"tags":[586,811,515,584,670,13696,13699,13700,13584,13697,13698,719,13701,525,406],"class_list":["post-52866","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website-security","category-ai","category-domains","category-networking","category-php-scripts","category-servers","category-ssl-certificates","category-support","category-web-hosting","tag-authentication","tag-configuration","tag-configure","tag-encryption","tag-guide","tag-how-to-configure-rsa-step-by-step","tag-key-generation","tag-public-key","tag-rsa","tag-rsa-configuration","tag-rsa-setup","tag-setup","tag-ssh-keys","tag-step-by-step","tag-tutorial"],"_links":{"self":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/comments?post=52866"}],"version-history":[{"count":1,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52866\/revisions"}],"predecessor-version":[{"id":52868,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52866\/revisions\/52868"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media\/52867"}],"wp:attachment":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media?parent=52866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/categories?post=52866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/tags?post=52866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}