OpenSSL "req -new -x509" - Generate Self-Signed Certificate

Q

How to generate a new self-signed certificate using OpenSSL "req -new -x509" command? I have an RSA private key (including public key) ready.

✍: FYIcenter.com

A

If you have a pair of RSA private key and public key, and you want to generate a self-signed certificate to represent your personal identity or server identity, you can use the OpenSSL "req -new -x509" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -x509 -key my_rsa.key -out my_rsa.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Donald Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.donald.inc
Email Address []:john@donald.inc

OpenSSL> exit
C:\Users\fyicenter>type my_rsa.crt
-----BEGIN CERTIFICATE-----
MIIC4jCCAkugAwIBAgIJAJ48n71hteXyMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYD
VQQGEwJ1czELMAkGA1UECAwCTlkxETAPBgNVBAcMCE5ldyBZb3JrMRQwEgYDVQQK
DAtEb25hbGQgSW5jLjELMAkGA1UECwwCSVQxFzAVBgNVBAMMDnd3dy5kb25hbGQu
aW5jMR4wHAYJKoZIhvcNAQkBFg9qb2huQGRvbmFsZC5pbmMwHhcNMTYwODIwMTgz
MDQzWhcNMTYwOTE5MTgzMDQzWjCBiTELMAkGA1UEBhMCdXMxCzAJBgNVBAgMAk5Z
MREwDwYDVQQHDAhOZXcgWW9yazEUMBIGA1UECgwLRG9uYWxkIEluYy4xCzAJBgNV
BAsMAklUMRcwFQYDVQQDDA53d3cuZG9uYWxkLmluYzEeMBwGCSqGSIb3DQEJARYP
am9obkBkb25hbGQuaW5jMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRixgf
jY2/zdJ18OnwSiVzmBKCh5GYzfvX2jYlLC3DHfGstnbL0fxnHxizg68ZG4oQPfmK
JQGF2hbQ+vQ+zaYfC33mKZGF+ln+NlxQk+D742pj5GYenIPjKHshV3P1GHubAw9n
W71WAd0yyjL7BHV3nWbewR+AAce8V6YLt54mVwIDAQABo1AwTjAdBgNVHQ4EFgQU
DM9Fx582wt3zNkkL6cJl3/1hG5UwHwYDVR0jBBgwFoAUDM9Fx582wt3zNkkL6cJl
3/1hG5UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBoKd9nodQKUyMy
TwfvF481mizImkeCxRJGJiPTE8Qq1NrchDxfJcKqITnqnlpDjNYDlxb40ERx7Uo8
f9z7/AmJPo+/th0pQ8FwT3whGfnF5Fo9ce+AtS5Kk+kNIyhzJbFFctu6rF9V74xG
lFtY38unMTOlg9eNhnuddN7tY6g/Mg==
-----END CERTIFICATE-----

Options used in this "req" command are:

  • "-new" - Generate a CSR (Certificate Signing Request).
  • "-key my_rsa.key" - Use RSA public key from the given file.
  • "-out my_rsa.crt" - Save output, self-signed certificate, to the given file.

 

OpenSSL "x509 -text" - View Self-Signed Certificate in Text

OpenSSL "req -newkey" - Generate Private Key and CSR

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-12, 1023👍, 0💬