OpenSSL Commands

Create a simple certificate request with new key

openssl req -batch -sha256 -newkey 2048:rsa -passout pass:your_password_here -keyout /home/fi5cher.de_key.pem -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/"

Create a simple certificate request for an existing key

openssl req  -new -key  /etc/pki/tls/private/icinga_key.pem  -sha512 -keyout /home/fi5cher.de_key.pem -out /home/fi5cher.de_csr.pem -subj "/C=DE/ST=BY/L=Munich/O=FI5CHER/OU=FI5CHER/"

Create a simple certificate request with a subject alternative name

( see )

create /root/

req_extensions = v3_req
distinguished_name     = req_distinguished_name
default_bits           =  2048
default_keyfile        = privkey.pem
attributes             = req_attributes

[ req_attributes ]
unstructuredName                = An optional company name

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName          = @alt_names

DNS.1   =
DNS.2   =

[ req_distinguished_name ]
countryName                    = C
countryName_default            = DE
countryName_min                = 2
countryName_max                = 2

localityName                   = Loc
localityName_default           = Munich

organizationName          = O
organizationName_default = FI5CHER

organizationalUnitName         = OU
organizationalUnitName_default = FI5CHER

commonName                     = CN
commonName_default             =

now run:
openssl req  -config /root/ -newkey rsa:2048 -sha256 -keyout -out

Make a PKCS12 file

openssl pkcs12 -in /root/server123.fi5cher.de_cert.pem -inkey /root/server123.fi5cher.de_key.pem -export -out /root/

Test a ssl connection

openssl s_client -showcerts -connect

openssl s_client -showcerts -CAfile /etc/pki/YourRootCA.pem -connect

Back to Top
We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.