First, generate a private key file with a key size of 2048 or 4096 bits. This will prompt you for a passphrase for the private key.
openssl genrsa -aes256 -out privatekey.pem 4096
Optionally, you can decrypt this private key. This will prompt you for the passphrase and write an unencrypted copy of the key.
openssl rsa -in privatekey.pem -out privatekey-decrypted.pem
Then, create a Certificate Signing Request from the private key.
openssl req -new -sha256 -key privatekey.pem -out common-name-cert.csr
You can then use a signing tool such as Venafi to have the request signed. A certificate authority can sign the certificate (essentially, adding a chain to the certificate).
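Before the request goes to the signer, it is worth confirming that the CSR really carries the public key of the private key you intend to keep, and that the key on disk is still passphrase-protected. The following is an added example, not part of the original post: the function names, the `KEY_PASS` environment variable and the `/CN=example.test` subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. KEY_PASS (exported) holds the passphrase so the commands
# run without prompts; the subject CN below is a constructed placeholder.

# Succeeds if the PEM private key file is passphrase-protected. Matches
# both headers OpenSSL may write: "Proc-Type: 4,ENCRYPTED" (traditional
# format) and "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeeds if the public key embedded in CSR $1 equals the public key
# derived from private key $2.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Runs the key and CSR steps from the post non-interactively.
# $1 = output directory, $2 = key size in bits (2048 or 4096).
make_key_and_csr() {
    (
        umask 077   # new files readable by the owner only
        openssl genrsa -aes256 -passout env:KEY_PASS \
            -out "$1/privatekey.pem" "$2" 2>/dev/null &&
        openssl req -new -sha256 -key "$1/privatekey.pem" \
            -passin env:KEY_PASS -subj "/CN=example.test" \
            -out "$1/common-name-cert.csr"
    )
}

# Usage:
#   KEY_PASS='...'; export KEY_PASS
#   make_key_and_csr ./out 4096 &&
#   key_is_encrypted ./out/privatekey.pem &&
#   csr_matches_key ./out/common-name-cert.csr ./out/privatekey.pem &&
#   echo "CSR is ready to submit"
```

If you created `privatekey-decrypted.pem`, `key_is_encrypted` fails on it, which makes it easy to spot unprotected copies before they are left behind on a shared host.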