OpenSSL generate certificate command in detail

1. Generate CSR

OpenSSL req-new-newkey rsa:2048-nodes-keyout your domain name. key-out your domain name. CSR

The REQ command is primarily used to generate and process PKCS#10 certificate requests.

-new

Generates a new certificate request with a private key, which defaults to 1024 bits.

-newkey rsa:bits

Used to generate a new RSA key and a certificate request. If the user does not know the generated private key file name, the default takes Privkey.pem, which generates a certificate request. If the user does not specify an output file (-out), the certificate request file is printed on the screen. The generated private key file can be specified with-keyout. During the build process, the user is required to enter a protection password for the private key and some information in the certificate request.

-keyout

Specifies the name of the generated private key file.

Example:

OpenSSL req–new

OpenSSL req–new–config myconfig.cnf

OpenSSL req–subj/cn=cn/o=test/ou=abc/cn=forxy

OpenSSL Req-newkey rsa:1024

OpenSSL req-newkey rsa:1024-out myreq.pem–keyout Myprivatekey.pem

OpenSSL req-newkey rsa:1024-out myreq.pem-keyout myprivatekey.pem-outform DER

-out filename

The name of the file to output. -nodes

No Password required

OpenSSL x509-req-days 365-in server.csr-signkey server.key-out server.crt

The X509 command is a multi-purpose certificate tool. It can display certificate information, convert certificate formats, sign certificate requests, and change trust settings for certificates.

-req

The input is a certificate request and needs to be processed.

-days Arg

Set the certificate validity period.

-in filename

Specifies the input file name.

-signkey filename

Specifies a self-signed private key file.

-out filename

Specifies the output file name.