"openssl req" - CSR (Certificate Signing Request)

This section describes the 'openssl req' command, which generates a CSR (Certificate Signing Request) or a self-signed certificate.

What Is the "openssl req" Command?

"openssl req" is the OpenSSL command that generates a CSR (Certificate Signing Request) or a self-signed certificate.

Here are some "openssl req" command examples:

# Generate a CSR from a private/public key pair
openssl req -new -key key.pem -out csr.pem

# Generate a private/public key pair and a CSR
openssl req -newkey rsa:2048 -keyout key.pem -out csr.pem

# Generate a self-signed certificate from a key pair
openssl req -x509 -key key.pem -out cert.pem

# Print CSR information
openssl req -in csr.pem -text -noout

# Verify the CSR's digital signature
openssl req -in csr.pem -verify -noout

The "openssl req" command options used in the examples above are:

-in csr.pem       Specifies the input CSR file in PEM format
-key key.pem      Specifies the input private/public key pair
-keyout key.pem   Writes out the newly generated private/public key pair
-new              Generates a new CSR
-newkey rsa:2048  Generates a 2048-bit RSA private/public key pair
-noout            Suppresses output of the encoded CSR
-out csr.pem      Writes out the CSR to a file
-out cert.pem     Writes out the self-signed certificate to a file
-text             Prints out the CSR information in text form
-verify           Verifies the digital signature of the CSR
-x509             Generates a self-signed certificate instead of a CSR

You can follow the next tutorials to generate a CSR and send it to a CA (Certificate Authority) for signing.

Or you can run the "man openssl-req" command on a Linux system to read the manual to explore more CSR generation options.
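
A check worth running before a CSR goes to a CA, as an added example that is not part of the original tutorial: it combines the -verify and -noout options above with -subj, -pubkey and the "openssl genpkey", "openssl pkey" and "openssl dgst" commands to confirm that the CSR's signature verifies and that its public key belongs to the private key you hold. The function names, file names and subject CN are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, file names and the subject CN are constructed.

# Generate a 2048-bit RSA key, then a CSR signed with it (no prompts).
make_key_and_csr() {  # usage: make_key_and_csr key.pem csr.pem
    (
        umask 077  # keep the private key unreadable to other users
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1" 2>/dev/null
    ) &&
    openssl req -new -key "$1" -subj "/CN=csr-demo.example.test" -out "$2"
}

# SHA-256 over the DER-encoded public key, so PEM layout cannot affect
# the comparison. Arguments are passed through to "openssl pkey".
pub_digest() {
    openssl pkey "$@" -pubout -outform DER 2>/dev/null | openssl dgst -sha256
}

# Succeeds only if the CSR's self-signature verifies AND the public key
# inside the CSR is the one derived from the given private key.
csr_matches_key() {  # usage: csr_matches_key csr.pem key.pem
    # Match the "verify OK" message: not every OpenSSL release signals a
    # failed verify through the exit status. Running this first also
    # rejects a missing or unparsable CSR before digests are compared.
    openssl req -in "$1" -verify -noout 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey | pub_digest -pubin)
    key_pub=$(pub_digest -in "$2")
    [ "$csr_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir/key.pem" "$demo_dir/csr.pem" &&
    csr_matches_key "$demo_dir/csr.pem" "$demo_dir/key.pem" &&
    echo "csr.pem verifies and is bound to key.pem"
```

The same check catches a CSR that was generated from a different key than the one about to be deployed, before the CA issues a certificate that cannot be used.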
