Certificates
OpenSSL Commands for Generating Keys and Certificates
Generate a Private Key for the CA
Generates a 2048-bit private key for the CA.
openssl genrsa -out ca.key 2048Create a Self-Signed Certificate for the CA
Generates a self-signed CA certificate valid for 365 days. You will be prompted to enter information about the CA.
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.crtGenerating Public and Private Keys
Generate a Private Key
Generates a 2048-bit private key.
openssl genrsa -out server.key 2048Create a Certificate Signing Request (CSR)
Generates a CSR using the private key. You will be prompted to enter information about the certificate.
openssl req -new -key server.key -out server.csrSign the CSR with the CA to Create the Certificate
Signs the CSR with the CA’s private key to generate a certificate valid for 365 days.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sha256Viewing the Public Key Information
Generate a Private Key
Generates a 2048-bit private key.
openssl genrsa -out server.key 2048Create a Certificate Signing Request (CSR)
Generates a CSR using the private key. You will be prompted to enter information about the certificate.
openssl req -new -key server.key -out server.csrSign the CSR with the CA to Create the Certificate
Signs the CSR with the CA’s private key to generate a certificate valid for 365 days.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sha256View Public Key Information from the Certificate
Displays the content of the certificate, including the public key information.
openssl x509 -in server.crt -text -nooutExtract the Public Key from the Private Key
Extracts the public key from the private key and saves it to a file.
openssl rsa -in server.key -pubout -out server_public.keyView Public Key Information from the Public Key File
Displays the content of the public key file.
openssl rsa -pubin -in server_public.key -text -noout