Create Certificate Signing Request

Certificates are created for authentication. They associate a public key with the identity of a user or server. Because OpenSSL uses private keys to generate public keys, the first step for creating a certificate is to generate a private key, as described in the previous sections.

The next step is to generate a certificate request, or Certificate Signing Request (CSR), using the private key. You can send the CSR to a Certificate Authority for signing into a certificate, or you can create a self-signed certificate (not recommended, except for testing or other internal use).

To create a CSR with the RSA server private key, enter the following command:

openssl req -config openssl.cnf -new -key server.key -out server.csr

You are prompted for several answers to identify the request.

Note: This command presupposes the existence of an OpenSSL configuration file in the present working directory. The file is located at <install dir>\SSL\bin\openssl.cnf. If you change the name, or move it to another location, you must supply the correct location of openssl.cnf on the command line.

The CSR output file will be in ASCII Privacy Enhanced Mail (PEM) format. You can specify a different format with the -outform option. See the online guide for a list of supported formats.

To view details about the CSR, use the following command:

openssl req -noout -text -in server.csr
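
The steps above, run end to end without prompts and followed by a check that the CSR really belongs to the intended key before it is sent to a Certificate Authority. This is an added example, not part of the original documentation; the throwaway unencrypted key, the minimal openssl.cnf, the subject values and the function names make_demo_csr and csr_check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build a CSR non-interactively,
# then confirm it is well-formed and bound to the intended private key.

# make_demo_csr DIR: create a throwaway key, a minimal config and a CSR in DIR.
make_demo_csr() {
    dir=$1
    # Constructed sample config; "prompt = no" takes the subject from [ dn ]
    # instead of asking the identifying questions interactively.
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
CN = server.example.test
O = Example Org
EOF
    # Throwaway unencrypted key, for the demonstration only.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    # Same command as in the text, with explicit paths.
    openssl req -config "$dir/openssl.cnf" -new \
        -key "$dir/server.key" -out "$dir/server.csr"
}

# csr_check CSR KEY: succeeds only if the CSR's self-signature verifies and
# the public key inside the CSR is the one derived from KEY.
csr_check() {
    csr=$1; key=$2
    # The CSR is signed with the private key; -verify checks that signature.
    # Match on the reported result rather than on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # Compare the public key carried in the CSR with the key's public half.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

demo=$(mktemp -d) || exit 1
if make_demo_csr "$demo" && csr_check "$demo/server.csr" "$demo/server.key"; then
    echo "CSR verifies and matches server.key"
fi
rm -rf "$demo"
```

If the private key is protected by a passphrase, the commands that read it prompt for the passphrase.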