Skip to content

Instantly share code, notes, and snippets.

@brianfoshee

brianfoshee/gencsrs.md

Last active August 29, 2015 14:07
Show Gist options
  • Save brianfoshee/64567fe6967f8bb9fb0f to your computer and use it in GitHub Desktop.
Save brianfoshee/64567fe6967f8bb9fb0f to your computer and use it in GitHub Desktop.
Download ZIP
Generating SSL certificate signing requests
Raw
gencsrs.md

Two options for generating a SHA2 Certificate Signing Request

(turns out your CA has to support signing with SHA256 as well)

1) Generate a CSR with a non password-protected key:

openssl req -nodes -sha256 -newkey rsa:2048 -keyout example.com.key -out example.com.csr

2) Generate a CSR with a password-protected key:

Generate a password-protected key first (remember the password you set here for the next step):

openssl genrsa -des3 -out example.com.encrypted.key 2048

Use that key for the CSR (will ask for the password created in the previous step:

openssl req -nodes -sha256  -new -key example.com.encrypted.key -out example.com.csr

Remove the password protection from the key (optional - for use on a server):

openssl rsa -in example.com.encrypted.key -out example.com.key

Print out various info about the CSR:

openssl req -in example.com.csr -text -noout
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment