OpenSSL "ca" - Create CSR for Testing


How to generate a new CSR to test the OpenSSL "ca" command?



If you need some CSR (Certificate Signing Request) for testing purpose, you can generate them using the OpenSSL "req" command as shown below:


OpenSSL> req -newkey rsa:1024 -out test.csr
Generating a 1024 bit RSA private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:fyicenter
Verifying - Enter PEM pass phrase:fyicenter
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:NY
Organization Name (eg, company) [Internet Widgits Pty Ltd]
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:fyicenter
An optional company name []:

Notes about this test:

  • The "-newkey rsa:1024" option tells "req" command to generate a new pair of 1024-bit RSA private key and public key.
  • The "-out test.csr" option tells "req" command to save the new CSR to file "test.csr".
  • The "writing new private key to 'privkey.pem'" message indicates that the "req" command was saved the RSA private key (with the public key too) to file "privkey.pem".
  • The "Enter PEM pass phrase:fyicenter" prompt indicates that the RSA private key file "privkey.pem" was encrypted with the "fyicenter" password.


OpenSSL "ca" - Create CA Certificate for Testing

OpenSSL "ca" Command Options

OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials

2016-09-18, 2295🔥, 0💬