To create a CSR in Linux,
you can use the following command:
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr
You can find the meaning of options in man page.
From 'man openssl':
openssl - OpenSSL command line tool
req X.509 Certificate Signing Request (CSR) Management.
From 'man req':
req - PKCS#10 certificate request and certificate generating utility.
-newkey arg
this option creates a new certificate request and a new private
key. The argument takes one of two forms. rsa:nbits, where nbits is
the number of bits, generates an RSA key nbits in size.
dsa:filename generates a DSA key using the parameters in the file
filename.
-nodes
if this option is specified then if a private key is created it
will not be encrypted.
-keyout filename
this gives the filename to write the newly created private key to.
If this option is not specified then the filename present in the
configuration file is used.
-out filename
This specifies the output filename to write to or standard output
by default.
To create a CSR with a private key in Linux,
you can use the following command:
openssl req -new -key ../private_key/rsa/privkey.pem -out cert.csr
You can find the meaning of options in man page.
From 'man req':
-new
this option generates a new certificate request. It will prompt the
user for the relevant field values. The actual fields prompted for
and their maximum and minimum sizes are specified in the
configuration file and any requested extensions.
If the -key option is not used it will generate a new RSA private
key using information specified in the configuration file.
-key filename
This specifies the file to read the private key from. It also
accepts PKCS#8 format private keys for PEM format files.
References:
http://en.wikipedia.org/wiki/Certificate_signing_request
https://www.digicert.com/csr-creation-apache.htm
https://www.openssl.org/docs/HOWTO/certificates.txt
No comments:
Post a Comment