How do I create an OpenSSL certificate signing request and key file?



  • The Certificate Signing Request (CSR) can be sent to a Certificate Authority, which will provide you with a signed certificate, usually in PEM or DER format.

           -newkey arg
               This option creates a new certificate request and a new private
               key. The argument takes one of several forms. rsa:nbits, where
               nbits is the number of bits, generates an RSA key nbits in size. If
               nbits is omitted, i.e. -newkey rsa specified, the default key size,
               specified in the configuration file is used.

               All other algorithms support the -newkey alg:file form, where file
               may be an algorithm parameter file, created by the genpkey
               -genparam command or an X.509 certificate for a key with
               appropriate algorithm.

               param:file generates a key using the parameter file or certificate
               file, the algorithm is determined by the parameters. algname:file
               use algorithm algname and parameter file file: the two algorithms
               must match or an error occurs. algname just uses algorithm algname,
               and parameters, if necessary should be specified via -pkeyopt
               parameter.

               dsa:filename generates a DSA key using the parameters in the file
               filename. ec:filename generates EC key (usable both with ECDSA or
               ECDH algorithms), gost2001:filename generates GOST R 34.10-2001 key
               (requires ccgost engine configured in the configuration file). If
               just gost2001 is specified a parameter set should be specified by
               -pkeyopt paramset:X
    
           -nodes
               If this option is specified then if a private key is created it
               will not be encrypted.
    
           -keyout filename
               This gives the filename to write the newly created private key to.
               If this option is not specified then the filename present in the
               configuration file is used.
    
           -out filename
               This specifies the output filename to write to or standard output
               by default.
    

    Command to create the CSR and Private Key.

    $ openssl req -out acmerides.csr -newkey rsa:2048 -nodes -keyout acmerides.key
    

    The two output files generated.

    -rw-------.  1 trainer trainer    1704 Mar 10 14:06 acmerides.key
    -rw-rw-r--.  1 trainer trainer     956 Mar 10 14:06 acmerides.csr
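
A non-interactive form of the command above, followed by the checks worth running before the CSR goes to the CA. This is an added example, not part of the original post; the function names, the `-subj` value and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the subject string and function names are assumptions.

# make_csr DIR NAME SUBJECT -> writes DIR/NAME.key and DIR/NAME.csr
make_csr() {
    dir=$1 name=$2 subj=$3
    (
        # -nodes leaves the private key unencrypted on disk, so make sure
        # it is never created group- or world-readable.
        umask 077
        openssl req -newkey rsa:2048 -nodes \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" \
            -subj "$subj" 2>/dev/null
    )
}

# csr_matches_key CSR KEY -> 0 if the CSR carries the public half of KEY
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# key_is_private KEY -> 0 if group and other have no permissions on KEY
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# check_pair CSR KEY -> self-signature, key match and file mode
check_pair() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    csr_matches_key "$1" "$2" || return 1
    key_is_private "$2"
}

# Demo in a throwaway directory (constructed subject, not a real host).
demo_dir=$(mktemp -d)
make_csr "$demo_dir" acmerides "/C=GB/O=Example Org/CN=acmerides.example" &&
    check_pair "$demo_dir/acmerides.csr" "$demo_dir/acmerides.key" &&
    echo "CSR and key match; key is not group/world accessible"
```

Only the `.csr` file is sent to the Certificate Authority; the `.key` file stays on the host that generated it.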
    


© Lightnetics 2024