Assumes the following files:
privkey.pem - a private key
cert.pem - an X.509 certificate
certreq.csr - a certificate signing request
    # Generate a new RSA 2048 bit key
    openssl genrsa -des3 -out privkey.pem 2048

    # Generate a new certificate request
    openssl req -new -key privkey.pem -out certreq.csr

    # ...using values from a config file
    openssl req -new -key privkey.pem -config cert.config -out certreq.csr

    # Check a Certificate Signing Request (CSR)
    openssl req -text -noout -verify -in certreq.csr

    # Check a certificate
    openssl x509 -in cert.pem -text -noout
The cert.config file looks as follows:
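    [ req ]
    default_bits       = 2048
    default_keyfile    = privkey.pem
    distinguished_name = req_distinguished_name
    req_extensions     = v3_req
    prompt             = no

    [ req_distinguished_name ]
    C            = US
    ST           = Tennessee
    L            = Chattanooga
    O            = My Organisations Name
    OU           = Department Name
    CN           = My Name
    emailAddress = info@company.com

    # Extensions requested in the CSR. They go in a req_extensions section,
    # not under "attributes". clientAuth is an extended key usage, not a
    # keyUsage value; digitalSignature is the key usage TLS client
    # authentication needs.
    [ v3_req ]
    keyUsage         = critical, digitalSignature
    extendedKeyUsage = clientAuth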
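
A scripted form of the "check a CSR" step, as an added example that is not part of the original page: it builds a throwaway key and CSR from a constructed config, then confirms that the CSR's self-signature verifies, that it belongs to the private key, and that it carries the requested extensions. The function names, the example-client subject and the unencrypted key (so that it runs without a passphrase prompt) are assumptions of this example.

```sh
#!/bin/sh
# Added example: create a key and CSR in a scratch directory, then check the CSR.

make_csr() {  # $1 = scratch directory
    # Constructed config, reduced to what the checks below look at.
    cat > "$1/cert.config" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_distinguished_name
req_extensions     = v3_req
[ req_distinguished_name ]
CN = example-client
[ v3_req ]
keyUsage         = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/privkey.pem" -config "$1/cert.config" \
        -out "$1/certreq.csr"
}

# True if the CSR's self-signature verifies. Match the "verify OK" message
# instead of trusting the exit status, which some OpenSSL releases leave
# at 0 when verification fails.
csr_signature_ok() {  # $1 = CSR
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# True if the public key in the CSR is the one belonging to the private key.
csr_matches_key() {  # $1 = CSR, $2 = private key
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# True if the CSR's text dump contains the given string.
csr_has() {  # $1 = CSR, $2 = text to look for
    openssl req -in "$1" -noout -text | grep -q "$2"
}

work=$(mktemp -d)
make_csr "$work" &&
    csr_signature_ok "$work/certreq.csr" &&
    csr_matches_key "$work/certreq.csr" "$work/privkey.pem" &&
    csr_has "$work/certreq.csr" "TLS Web Client Authentication" &&
    echo "CSR checks passed"
rm -rf "$work"
```
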