How do i create an openssl certificate signing request and key file?
-
The Certificate Signing Request - CSR, can be sent to a Certificate Authority, and they will provide you with a signed certificate that usually in PEM format or DER format.
-newkey arg This option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. If nbits is omitted, i.e. -newkey rsa specified, the default key size, specified in the configuration file is used. All other algorithms support the -newkey alg:file form, where file may be an algorithm parameter file, created by the genpkey -genparam command or and X.509 certificate for a key with appropriate algorithm.
param:file generates a key using the parameter file or certificate file, the algorithm is determined by the parameters. algname:file use algorithm algname and parameter file file: the two algorithms must match or an error occurs. algname just uses algorithm algname, and parameters, if necessary should be specified via -pkeyopt parameter. dsa:filename generates a DSA key using the parameters in the file filename. ec:filename generates EC key (usable both with ECDSA or ECDH algorithms), gost2001:filename generates GOST R 34.10-2001 key (requires ccgost engine configured in the configuration file). If just gost2001 is specified a parameter set should be specified by -pkeyopt paramset:X
-nodes If this option is specified then if a private key is created it will not be encrypted.
-keyout filename This gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used.
-out filename This specifies the output filename to write to or standard output by default.
Command to create the CSR and Private Key.
$ openssl req -out acmerides.csr -newkey rsa:2048 -nodes -keyout acmerides.key
The two output files generated.
-rw-------. 1 trainer trainer 1704 Mar 10 14:06 acmerides.key -rw-rw-r--. 1 trainer trainer 956 Mar 10 14:06 acmerides.csr
© Lightnetics 2024