Generating CSRs

Generate a private key and a CSR

This command creates a 2048-bit private key (domain.key) and a CSR (domain.csr) from scratch:

1
2
3

$ openssl req \
       -newkey rsa:2048 -nodes -keyout domain.key \
       -out domain.csr

• The -newkey rsa:2048 option specifies that the key should be 2048-bit, generated using the RSA algorithm.

• The -nodes option specifies that the private key should not be encrypted with a pass phrase.

• The -new option, which is not included here but implied, indicates that a CSR is being generated.

Generate a CSR from a existing private key

This command creates a new CSR (domain.csr) based on an existing private key (domain.key):

1
2
3

$ openssl req \
       -key domain.key \
       -new -out domain.csr

• The -key option specifies an existing private key (domain.key) that will be used to generate a new CSR.
• The -new option indicates that a CSR is being generated.

Generate a CSR from an existing certificate and private key

This command creates a new CSR (domain.csr) based on an existing certificate (domain.crt) and private key (domain.key):

1
2
3
4

$ openssl x509 \
       -in domain.crt \
       -signkey domain.key \
       -x509toreq -out domain.csr

• The -x509toreq option specifies that you are using an X509 certificate to make a CSR.