ns:/etc/httpd/ssl/peters # openssl req -newkey rsa:1024 --keyout -new > new peters.pem unknown option --keyout req [options] outfile where options are -inform arg input format - DER or PEM -outform arg output format - DER or PEM -in arg input file -out arg output file -text text form of request -noout do not output REQ -verify verify signature on REQ -modulus RSA modulus -nodes don't encrypt the output key -key file use the private key contained in file -keyform arg key file format -keyout arg file to send the key to -rand file:file:... load the file (or the files in the directory) into the random number generator -newkey rsa:bits generate a new RSA key of 'bits' in size -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file' -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) -config file request template file. -new new request. -x509 output a x509 structure instead of a cert. req. -days number of days a x509 generated by -x509 is valid for. -newhdr output "NEW" in the header lines -asn1-kludge Output the 'request' in a format that is wrong but some CA's have been reported as requiring -extensions .. specify certificate extension section (override value in config file) -reqexts .. specify request extension section (override value in config file) ############################################################################################################# 1.) ns:/etc/httpd/ssl/peters # openssl req -config /usr/ssl/openssl.cnf -new -out peters-zertifikat.csr Using configuration from /usr/ssl/openssl.cnf Generating a 1024 bit RSA private key ...........................++++++ .....++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Nordrhein Westfalen Locality Name (eg, city) []:Minden Organization Name (eg, company) [Internet Widgits Pty Ltd]:Peters-OWL.DE Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Peters Email Address []:ija@peters-owl.de Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:val1306 An optional company name []: ns:/etc/httpd/ssl/peters # l total 4 drwxr-xr-x 2 root root 1024 Aug 30 11:36 ./ drwxr-xr-x 8 root root 1024 Aug 30 11:22 ../ -rw-r--r-- 1 root root 0 Aug 30 11:26 new -rw-r--r-- 1 root root 729 Aug 30 11:36 peters-zertifikat.csr -rw-r--r-- 1 root root 963 Aug 30 11:36 privkey.pem ns:/etc/httpd/ssl/peters # ########################################################################################## ns:/etc/httpd/ssl/peters # openssl rsa -in privkey.pem -out peters-zertifikat.key read RSA key Enter PEM pass phrase: writing RSA key ns:/etc/httpd/ssl/peters # l total 5 drwxr-xr-x 2 root root 1024 Aug 30 11:38 ./ drwxr-xr-x 8 root root 1024 Aug 30 11:22 ../ -rw-r--r-- 1 root root 0 Aug 30 11:26 new -rw-r--r-- 1 root root 729 Aug 30 11:36 peters-zertifikat.csr -rw-r--r-- 1 root root 887 Aug 30 11:38 peters-zertifikat.key -rw-r--r-- 1 root root 963 Aug 30 11:36 privkey.pem ns:/etc/httpd/ssl/peters # ############################################################################################ ns:/etc/httpd/ssl/peters # openssl x509 -in peters-zertifikat.csr -out peters-zertifikat.crt -req -signkey peters-zertifikat.key -days 365 Signature ok subject=/C=DE/ST=Nordrhein Westfalen/L=Minden/O=Peters-OWL.DE/CN=Peters/Email=ija@peters-owl.de Getting Private key ns:/etc/httpd/ssl/peters # l total 6 drwxr-xr-x 2 root root 1024 Aug 30 11:41 ./ drwxr-xr-x 8 root root 1024 Aug 30 11:22 ../ -rw-r--r-- 1 root root 0 Aug 30 11:26 new -rw-r--r-- 1 root root 928 Aug 30 11:41 peters-zertifikat.crt -rw-r--r-- 1 root root 729 Aug 30 11:36 peters-zertifikat.csr -rw-r--r-- 1 root root 887 Aug 30 11:38 peters-zertifikat.key -rw-r--r-- 1 root root 963 Aug 30 11:36 privkey.pem ns:/etc/httpd/ssl/peters # ################################################################################################ ns:/etc/httpd/ssl/peters # openssl x509 -in peters-zertifikat.crt -out peters-zertifikat.der.crt -outform DER ns:/etc/httpd/ssl/peters # l total 7 drwxr-xr-x 2 root root 1024 Aug 30 11:43 ./ drwxr-xr-x 8 root root 1024 Aug 30 11:22 ../ -rw-r--r-- 1 root root 0 Aug 30 11:26 new -rw-r--r-- 1 root root 928 Aug 30 11:41 peters-zertifikat.crt -rw-r--r-- 1 root root 729 Aug 30 11:36 peters-zertifikat.csr -rw-r--r-- 1 root root 643 Aug 30 11:43 peters-zertifikat.der.crt -rw-r--r-- 1 root root 887 Aug 30 11:38 peters-zertifikat.key -rw-r--r-- 1 root root 963 Aug 30 11:36 privkey.pem ns:/etc/httpd/ssl/peters # ####################################################################################