First, generate an RSA private key with a key size of 2048 or 4096 bits. The -aes256 option encrypts the key file, so the command will prompt you for a passphrase for the private key.
openssl genrsa -aes256 -out privatekey.pem 4096
Optionally, you can decrypt this private key. This will prompt you for the passphrase and write an unencrypted copy of the key.
openssl rsa -in privatekey.pem -out privatekey-decrypted.pem
If you want to directly create an (unencrypted) private key, you may run the following command:
openssl genrsa -out privatekey.pem 2048
Then, create a Certificate Signing Request from the private key.
openssl req -new -sha256 -key privatekey.pem -out request.csr
With this CSR, you can then use a signing tool such as Venafi to have it signed. A certificate authority can sign the certificate (essentially, adding a chain to the certificate).
For self-signed certificates, you may use the following command:
openssl x509 -req -days 365 -in request.csr -signkey privatekey.pem -out publiccertificate.pem
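The script below is an added example, not part of the original post: it runs the unencrypted-key variant of the steps above non-interactively, then checks that the private key, the CSR and the certificate all carry the same public key. The subject /CN=example.test, the temporary directory and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject name and working directory are assumptions.

# SHA-256 of whatever PEM public key arrives on stdin.
pub_digest() {
    openssl dgst -sha256 | awk '{print $NF}'
}

# Create privatekey.pem, request.csr and publiccertificate.pem in directory $1.
make_selfsigned() {
    (
        cd "$1" || exit 1
        umask 077   # new files, including the key, are readable by the owner only
        openssl genrsa -out privatekey.pem 2048 2>/dev/null &&
        openssl req -new -sha256 -key privatekey.pem \
            -subj "/CN=example.test" -out request.csr &&
        openssl x509 -req -days 365 -in request.csr \
            -signkey privatekey.pem -out publiccertificate.pem 2>/dev/null
    )
}

# Succeeds only if the CSR self-signature verifies and all three files
# in directory $1 hold the same public key.
check_match() {
    (
        cd "$1" || exit 1
        openssl req -in request.csr -noout -verify 2>&1 |
            grep -q "verify OK" || exit 1
        k=$(openssl pkey -in privatekey.pem -pubout | pub_digest)
        r=$(openssl req -in request.csr -noout -pubkey | pub_digest)
        c=$(openssl x509 -in publiccertificate.pem -noout -pubkey | pub_digest)
        [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
    )
}

workdir=$(mktemp -d)
make_selfsigned "$workdir" && check_match "$workdir" &&
    echo "key, CSR and certificate match"
rm -rf "$workdir"
```

The same comparison is useful after a CA returns a signed certificate, to confirm it was issued for the key you actually hold before deploying the pair.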