|
Linux /
CertificatSSL-KEYCSRCRTGenerate a Private Key and a CSRUse this method if you want to use HTTPS (HTTP over TLS) to secure your Apache HTTP or Nginx web server, and you want to use a Certificate Authority (CA) to issue the SSL certificate. The CSR that is generated can be sent to a CA to request the issuance of a CA-signed SSL certificate. If your CA supports SHA-2, add the -sha256 option to sign the CSR with SHA-2. This command creates a 2048-bit private key (domain.key) and a CSR (domain.csr) from scratch: openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr Answer the CSR information prompt to complete the process. The -newkey rsa:2048 option specifies that the key should be 2048-bit, generated using the RSA algorithm. The -nodes option specifies that the private key should not be encrypted with a pass phrase. The -new option, which is not included here but implied, indicates that a CSR is being generated. Generate a CSR from an Existing Private KeyUse this method if you already have a private key that you would like to use to request a certificate from a CA. This command creates a new CSR (domain.csr) based on an existing private key (domain.key): openssl req -key domain.key -new -out domain.csr Answer the CSR information prompt to complete the process. The -key option specifies an existing private key (domain.key) that will be used to generate a new CSR. The -new option indicates that a CSR is being generated. Generate a CSR from an Existing Certificate and Private KeyUse this method if you want to renew an existing certificate but you or your CA do not have the original CSR for some reason. It basically saves you the trouble of re-entering the CSR information, as it extracts that information from the existing certificate. This command creates a new CSR (domain.csr) based on an existing certificate (domain.crt) and private key (domain.key): openssl x509 -in domain.crt -signkey domain.key -x509toreq -out domain.csr The -x509toreq option specifies that you are using an X509 certificate to make a CSR. |