Generating a Private Key and CSR in OpenSSL

To generate an CSR and a private key in Openssl you will need to enter the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout pvtkey.pem -out csr.pem

If you wish to protect the private key with a passphrase then exclude the "-nodes" command.

Once you have executed the command you will be asked a few questions, fill in the County Name, State or Province Name, City, and Organization Name with the relevant information.

Once you get to the Common Name entry you will need to put in your domain name, like "". If you have a wildcard certificate you will need to prefix the Common Name with "*.", so an example of a wildcard Common Name would be "*".

Finally fill in the Email Address. Once you have done this you will have generated a 2048 bit RSA private key called "pvekey.pem" and a 2048 bit RSA CSR called "csr.pem".

To view the keys you can use the following commands to view the private key and CSR, respectively.

openssl rsa -in pvtkey.pem -check

openssl req -verify -in CSR.csr

You can then use the CSR to sign a certificate.

Is article helpful?