OpenSSL Commands

A collection of useful OpenSSL commands

Assumes the following files:

privkey.pem - a private key
cert.pem - a X.509 certificate
certreq.csr - a certificate signing request

# Generate a new RSA 2048 bit key
openssl genrsa -des3 -out privkey.pem 2048

# Generate a new certificate request
openssl req -new -key privkey.pem -out certreq.csr

# ...using values from a config file
openssl req -new -key privkey.pem -config cert.config -out certreq.csr

# Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in certreq.csr

# Check a certificate
openssl x509 -in cert.pem -text -noout


The cert.config file looks as follows:

[ req ]
 default_bits           = 2048
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
 prompt                 = no

 [ req_distinguished_name ]
 C                      = US
 ST                     = Tennessee
 L                      = Chattanooga
 O                      = My Organisations Name
 OU                     = Department Name
 CN                     = My Name
 emailAddress           = info@company.com

 [ req_attributes ]
 keyUsage               = critical,clientAuth
 extendedKeyUsage       = clientAuth