Web Server Management: Securing Access to Web Servers | ||
---|---|---|
Prev | Chapter 3. Creating keys and certificates | Next |
It is possible to combine creation a key pair and CSR in a single command.
$ openssl req -new -newkey rsa:2048 -out WWW.csr -keyout WWW.key Generating a 2048 bit RSA private key ............................................................+++ ..........................................................................+++ writing new private key to 'WWW.key' Enter PEM pass phrase:password Verifying - Enter PEM pass phrase: password ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:GB State or Province Name (full name) [Some-state]:England Locality Name (eg, city) []:Cambridge Organization Name (eg, company) [Internet Widgits Pty Ltd]:University of Cambridge Organizational Unit Name (eg, section) []:Computing Service Common Name (eg, your name or your server's hostname) []:clt1.csi.cam.ac.uk Email Address []:jw35@cam.ac.uk Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Arguments used
-new
used when creating a new CSR, rather than processing an existing one
-newkey
specification of the key to generate
-out
name of the file to receive the CSR
-keyout
name of the file to receive the key