These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.
### Generate a new private key and Certificate Signing Request ###
* Create Key
openssl genrsa -des3 -out www.adminlgos.info.key 2048
* Create CSR
openssl req -new -key www.adminlogs.info.key -out www.adminlogs.info.csr
Or you can execute the above two commands in a single line as follows
openssl req -out www.adminlogs.csr -new -newkey rsa:2048 -nodes -keyout www.adminlogs.key
While creating CSR , you need to fill the following things
Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name. Please note:
- The Country is a two-digit code — for the United States, it’s ‘US’.
- State and Locality are full names, i.e. ‘California’, ‘Los Angeles’.
- The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
- The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.
- The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.
If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: *.adminlogs.info). The wildcard character (*) will be able to assume any name that does not have a “dot” character in it.
Once your CSR is created, you will be able to simply copy and paste the csr and contact your ssl provider for the CRT.
* Generate a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout www.adminlogs.key -out www.adminlogs.crt
* Generate a certificate signing request (CSR) for an existing private key
openssl req -out www.adminlogs.csr -key www.adminlogs.key -new
* Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in www.adminlogs.crt -out www.adminlogs.csr -signkey www.adminlogs.key
* Remove a passphrase from a private key
openssl rsa -in www.adminlogs.pem -out adminlogs.pem
### Verify the key and cert Using OpenSSL command ###
If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.
* Verify a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in www.adminlogs.csr
* Verify a private key
openssl rsa -in www.adminlogs.key -check
* Verify a certificate
openssl x509 -in www.adminlogs.crt -text -noout
Also if you are facing any issues with SSL installation, then ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key.
openssl x509 -noout -text -in [path of certificate]
openssl rsa -noout -text -in [path of private key]