PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
"openssl req" - CSR (Certificate Signing Request)
This section describes the 'openssl req' command, which generates a CSR (Certificate Signing Request) or a self-signed certificate.
What Is "openssl req" Command? "openssl req" is an OpenSSL command to generate a CSR (Certificate Signing Request) or a self-signed certificate.
Here are some "openssl req" command examples:
# Generate a CSR from a private/public key pair openssl req -new -key key.pem -out csr.pem # Generate a private/public key pair and a CSR openssl req -newkey rsa:2048 -keyout key.pem -out csr.pem # Generate a self-signed certificate from a key pair openssl req -x509 -key key.pem -out cert.pem # print CSR information openssl req -in csr.pem -text -noout # verify CSR's digital signature openssl req -in csr.pem -verify -noout
"openssl req" command options used in above examples are:
-in csr.pem Specifies the input CSR file in PEM format -key key.pem Specifies the input private/public key pair -keyout key.pem Writes out the private/public key pair -new Generates a new CSR -newkey rsa:2048 Generates a 2048-bit RSA private/public key pair -noout Stops writing out the CSR -out csr.pem Writes out the CSR to a file -out cert.pem Writes out the self-signed certificate to a file -text Prints out the CSR information in text form -verify Verifies the digital signature of the CSR -x509 Generate a self-signed certificate
You can follow next tutorials to generate a CSR and send it to a CA (Certificate Authority) to sign it.
Or you can run the "man openssl-req" command on a Linux system to read the manual to explore more CSR generation options.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
►OpenSSL - Cryptography Toolkit
"openssl genpkey" - Generate Private Key
"openssl genpkey -algorithm RSA" - RSA Private Key
"openssl genpkey -algorithm EC" - EC Private Key
►"openssl req" - CSR (Certificate Signing Request)
"openssl req -new" - Generate CSR from Key
"openssl req -newkey ..." - Generate Key and CSR
"openssl req -x509" - Generate Self-Signed Certificate
"openssl x509" - X.509 Certificate Command
"openssl x509 -CA ..." - CA Signing Certificate
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKCS12 Certificate Bundle File