Useful OpenSSL Commands

What's a CSR?

A Certificate Signing Request (CSR) is a message sent to a Certification Authority (CA) to request a public key certificate for an entity (such as a person or a web server). The majority of public key certificates issued are SSL certificates, which are used to secure communications with web sites. Before a CSR can be created, a key pair, which comprises a public and private key, must be generated.

 

Generate a Key

To generate an RSA key use the genrsa option. The command below generates a 2048 bit RSA key and saves it to a file called key.pem

openssl genrsa -out key.pem 2048 

If you require that your private key file is protected with a passphrase, use the command below.

openssl genrsa -des3 -out key.pem 2048 

Generate a CSR

If you already have a key, the command below can be used to generates a CSR and save it to a file called req.pem

This is an interactive command that will prompt you for fields that make up the subject distinguished name of the CSR.

openssl req -new -key key.pem -out req.pem

If you do not have a key, the command below will generate a new key and an associated CSR.

The private key will not be protected by a passphrase.

openssl req /     -new -newkey rsa:2048 -nodes /     -keyout key.pem -out req.pem

View the contents of a CSR

To decode a CSR you can use our online CSR Decoder. However, if you prefer to decode your CSR locally use the command below.

openssl req -in req.pem -noout -text

View the contents of a certificate

To decode a certificate you can use our online Certificate Decoder. However, if you prefer to decode your certificate locally use the command below.

openssl x509 -text -in cert.pem

 

Reference:

http://www.redkestrel.co.uk/tools.html