Private Key

Create a Private Key

Use this command to create a password-protected, 2048-bit private key (domain.key):

1

$ openssl genrsa -des3 -out domain.key 2048

Verify a Private Key

Use this command to check that a private key (domain.key) is a valid key:

1

$ openssl rsa -check -in domain.key

Verify a Private Key Matches a Certificate and CSR

Use these commands to verify if a private key (domain.key) matches a certificate (domain.crt) and CSR (domain.csr):

1
2
3
4
5

$ openssl rsa -noout -modulus -in domain.key | openssl md5

$ openssl x509 -noout -modulus -in domain.crt | openssl md5

$ openssl req -noout -modulus -in domain.csr | openssl md5

Encrypt a Private Key

This takes an unencrypted private key (unencrypted.key) and outputs an encrypted version of it (encrypted.key):

1
2
3

$ openssl rsa -des3 \
       -in unencrypted.key \
       -out encrypted.key

Decrypt a Private Key

This takes an encrypted private key (encrypted.key) and outputs a decrypted version of it (decrypted.key):

1
2
3

$ openssl rsa \
       -in encrypted.key \
       -out decrypted.key