OpenSSL "req -new" - Generate New CSR

Q

How to generate a new CSR (Certificate Signing Request) using OpenSSL "req -new" command? I have an RSA private key (including public key) ready.

✍: FYIcenter.com

A

If you have a pair of RSA private key and public key, and you want to generate CSR (Certificate Signing Request) to represent your personal identity or server identity, you can use the OpenSSL "req -new" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genpkey -algorithm rsa -out my_rsa.key
..........................++++++
......................++++++

OpenSSL> req -new -key my_rsa.key -out my_rsa.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Donald Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.donald.inc
Email Address []:john@donald.inc

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:fyicenter
An optional company name []:

OpenSSL> exit
C:\Users\fyicenter>type my_rsa.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB5DCCAU0CAQAwgYkxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJOWTERMA8GA1UE
BwwITmV3IFlvcmsxFDASBgNVBAoMC0RvbmFsZCBJbmMuMQswCQYDVQQLDAJJVDEX
MBUGA1UEAwwOd3d3LmRvbmFsZC5pbmMxHjAcBgkqhkiG9w0BCQEWD2pvaG5AZG9u
YWxkLmluYzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0YsYH42Nv83SdfDp
8Eolc5gSgoeRmM3719o2JSwtwx3xrLZ2y9H8Zx8Ys4OvGRuKED35iiUBhdoW0Pr0
Ps2mHwt95imRhfpZ/jZcUJPg++NqY+RmHpyD4yh7IVdz9Rh7mwMPZ1u9VgHdMsoy
+wR1d51m3sEfgAHHvFemC7eeJlcCAwEAAaAaMBgGCSqGSIb3DQEJBzELDAlmeWlj
ZW50ZXIwDQYJKoZIhvcNAQELBQADgYEAMx2S1f1N8psYGKckffNA86dh8ChGwOqI
vfcExgF5GUdOyMjqoV2zUwPu0mjX9mqNLZVYzUTTnVuRSwJ2MESxNwWeaPoEZH5G
jfhXzyxnhHHXNgh1QltTzj9pvFc0XkF3I6+1SCiL1yATj60fLuo0qjY9gZa2TWR+
sqZbNmutv6I=
-----END CERTIFICATE REQUEST-----

Options used in this "req" command are:

"-new" - Generate a CSR (Certificate Signing Request).
"-key my_rsa.key" - Use RSA public key from the given file.
"-out my_rsa.csr" - Save output, CSR, to the given file.
"fyicenter" - Password to protect the CSR.

⇒ OpenSSL "req -text" - Print CSR in Text

⇐ OpenSSL "req" Command Options

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-12-14, 3862🔥, 0💬

OpenSSL "req -pubkey" - Extract Public Key from CSR
How to extract the public key from a CSR using OpenSSL "req -pubkey" command? If you want to extract the public key from a CSR (Certificate Signing Request), you can use the OpenSSL "req -pubkey" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL> req -in my_... 2016-11-20, 11301🔥, 0💬

OpenSSL "req" Command Options
What can I use OpenSSL "req" command for? What are options supported by the "req" command? OpenSSL "req" command is a certificate request and certificate generating utility. It can be used to generate Certificate Signing Request (CSR) and sign CSR. Here are options supported by the "req" command: C:... 2023-04-05, 10953🔥, 1💬

💬 2023-04-05 Hermine242: openssl req-x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

OpenSSL "req" Command
Where to find tutorials on using OpenSSL "req" commands for certificate request and certificate generation? Here is a collection of tutorials on using OpenSSL "req" command compiled by FYIcenter.com team to generate Certificate Signing Request (CSR) and sign CSR. OpenSSL "req" Command Options OpenSS... 2016-12-15, 9779🔥, 0💬

OpenSSL "req -verify" - Verify Signature of CSR
How to verify the digital signature inside a CSR using OpenSSL "req -verify" command? If you want to verify the digital signature inside a CSR (Certificate Signing Request), you can use the OpenSSL "req -verify" command as shown below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL&... 2023-05-26, 9435🔥, 1💬

💬 2023-05-26 Breck: -----BEGIN CERTIFICATE REQUEST----- MIICszCCAZsCAQAwbjELMAkGA1UEBhMCRUUx ETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQH DAdUYWxsaW5uMRgwFgYD...

OpenSSL CSR File Structure and Components
What is the OpenSSL CSR file structure and components? By default, CSR (Certificate Signing Request) files generated by the OpenSSL "req" command follow these rules: 1. CSR files are stored in PEM (Privacy-enhanced mail) format, which uses DER (Distinguished Encoding Rules) standard to serialize dat... 2018-01-19, 4576🔥, 1💬

💬 2018-01-19 guest: req -new -newkey rsa: 1024 -nodes -keyout mykey.pe>m -out myreq.pem -config openssl-san.cnf

OpenSSL "req -new" - Generate New CSR
How to generate a new CSR (Certificate Signing Request) using OpenSSL "req -new" command? I have an RSA private key (including public key) ready. If you have a pair of RSA private key and public key, and you want to generate CSR (Certificate Signing Request) to represent your personal identity or se... 2016-12-14, 3863🔥, 0💬

OpenSSL "dsa" - Open Encrypted DSA Keys
How to open an encrypted DSA key file using OpenSSL "dsa" command? I was told the key file is DES encrypted and I know the password. If you are trying to open a password (encrypted) DSA key file using the "dsa" command, you will be prompted for the password as shown below: C:\Users\fyicenter>... 2016-12-18, 2931🔥, 0💬

OpenSSL "dsa -aes*" - Re-Encrypt DSA Keys
How to re-encrypt a DSA key file using OpenSSL "dsa" command? I want to change the encryption password, and maybe change the encryption algorithm. If you want to encrypt an existing DSA key file again, you can use the "dsa -aes*" command as shown below: C:\Users\fyicenter>\loc al\openssl\opens... 2016-12-15, 2408🔥, 0💬

OpenSSL "req -text" Output and CSR Components
How to identify CSR components in OpenSSL "req -text" command output? OpenSSL "req -text" command output displays all components in a CSR with proper labels to help you identify each component. Below is a good example of the "req -text" command output: C:\Users\fyicenter>\loc al\openssl\openss... 2016-11-23, 2256🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.