What I am trying to do is, create a CSR and with a private key that is password protected (the key). In OpenSSL I can create a private key with a password like so: openssl genrsa -des3 -out privkey.pem 2048 Is there some way I can use the key I just created and generate a CSR using the key?
In this article you’ll find how to generate CSR (Certificate Signing Request) using OpenSSL from the Linux command line, without being prompted for values which go in the certificate’s subject field.
A Guide on How To Secure Cryptographic Keys Swati Goyal The rise of the cryptocurrency industry and the digitization of the banking industry have been crucial steps towards achieving an advanced. Cryptographic key management. Nov 04, 2014 Meet Eddie Woo, the maths teacher you wish you’d had in high school Australian Story - Duration: 28:09. ABC News In-depth Recommended for you.
Below you’ll find two examples of creating CSR using OpenSSL.
In the first example, i’ll show how to create both CSR and the new private key in one command.
And in the second example, you’ll find how to generate CSR from the existing key (if you already have the private key and want to keep it).
Both examples show how to create CSR using OpenSSL non-interactively (without being prompted for subject), so you can use them in any shell scripts.
Use the following command to create a new private key 2048 bits in size example.key
and generate CSR example.csr
from it:
Option | Description |
---|---|
openssl req | certificate request generating utility |
-nodes | if a private key is created it will not be encrypted |
-newkey | creates a new certificate request and a new private key |
rsa:2048 | generates an RSA key 2048 bits in size |
-keyout | the filename to write the newly created private key to |
-out | specifies the output filename |
-subj | sets certificate subject |
Use the following command to generate CSR example.csr
from the private key example.key
:
Openssl generate key pair without passphrase. The puttygen.exe executable fromIf you don’t already have Ubuntu on Windows, take a look at our tutorial. Previous step 2. RequirementsAll you need is a PC running Windows 10 and either of the following installed:.
Option | Description |
---|---|
openssl req | certificate request generating utility |
-new | generates a new certificate request |
-key | specifies the file to read the private key from |
-out | specifies the output filename |
-subj | sets certificate subject |
The magic of CSR generation without being prompted for values which go in the certificate’s subject field, is in the -subj
option.
-subj arg | Replaces subject field of input request with specified data and outputs modified request. The arg must be formatted as /type0=value0/type1=value1/type2=…, characters may be escaped by (backslash), no spaces are skipped. |
The fields, required in CSR are listed below:
Field | Meaning | Example |
---|---|---|
/C= | Country | GB |
/ST= | State | London |
/L= | Location | London |
/O= | Organization | Global Security |
/OU= | Organizational Unit | IT Department |
/CN= | Common Name | example.com |
You’ve created encoded file with certificate signing request.
Now you can decode CSR to verify that it contains the correct information.