@schneefisch
Last active November 15, 2022 15:37
Generate a new keypair with OpenSSL

How to generate an RSA Keypair

Generate a private key (PEM)

For more security use a 4096-bit key: -aes256 4096 (AES-256 is the largest AES key size, there is no -aes512 option)

openssl genrsa -out key.pem -aes256 2048

Extract public key as PEM

openssl rsa -in key.pem -outform PEM -pubout -out public.pem

Or as a self-signed certificate (.crt)

openssl req -new -x509 -days 1826 -key key.pem -out ca.crt

Convert the private key to PEM (the output contains the private key, unencrypted)

openssl rsa -in yourwebsite_private.key -out pem-yourwebsite_private.key

Generate a CSR (Certificate Signing Request)

If you want a certificate signed by a CA, generate a CSR and send it to the CA.

openssl req -new -nodes -newkey rsa:2048 -keyout key_name.key -out csr_name.csr

Complete flow with a fake CA and signing

Create the private CA key ...

openssl genrsa 2048 > ca.key

Create the self-signed CA certificate (fake root CA ;) )

openssl req -new -x509 -nodes -days 1000 -key ca.key > ca.crt

Create the client key and CSR

openssl req -newkey rsa:2048 -nodes -keyout client.key > client.csr

Sign the client CSR with the CA (the validity period is set here; -days on a req without -x509 is ignored, and x509 -req defaults to 30 days)

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -sha256 -days 365 > client.crt

Generate a .pem container

openssl x509 -in client.crt -out client.pem -outform PEM

Append the CA certificate (public part) to the .pem

cat ca.crt >> client.pem
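
The fake-CA flow above as a non-interactive script with the checks you would run on the result: chain verification, key/certificate match and validity period. This is an added example, not part of the original gist; the -subj names, the function names and the temporary directory are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. Subject names below are constructed placeholders.

build_chain() {          # $1 = working directory
  ( cd "$1" &&
    openssl genrsa -out ca.key 2048 &&
    openssl req -new -x509 -nodes -days 1000 -key ca.key \
      -subj "/CN=Example Fake Root CA" -out ca.crt &&
    openssl req -newkey rsa:2048 -nodes -keyout client.key \
      -subj "/CN=example-client" -out client.csr &&
    # Validity is decided at signing time, so -days belongs here.
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
      -set_serial 01 -sha256 -days 365 -out client.crt
  ) >/dev/null 2>&1
}

signed_by() {            # $1 = CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {     # $1 = directory holding client.key and client.crt
  local from_key from_cert
  from_key=$(openssl pkey -in "$1/client.key" -pubout 2>/dev/null)
  from_cert=$(openssl x509 -in "$1/client.crt" -noout -pubkey 2>/dev/null)
  # Both commands print the same SubjectPublicKeyInfo PEM when they belong together.
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

valid_longer_than() {    # $1 = certificate, $2 = days
  # -checkend exits non-zero if the certificate expires within the given seconds.
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Stand-alone run: build one chain in a temporary directory and check it.
d=$(mktemp -d)
if build_chain "$d" && signed_by "$d/ca.crt" "$d/client.crt" &&
   key_matches_cert "$d" && valid_longer_than "$d/client.crt" 300; then
  echo "client.crt chains to ca.crt, matches client.key, valid for > 300 days"
else
  echo "chain check failed"
fi
rm -rf "$d"              # the directory holds unencrypted private keys
```
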

Export private key

DO NOT USE if you do not really understand what you are doing!

Export PRIVATE key (the output file is written without passphrase protection)

openssl rsa -in key.pem -out private_unencrypted.pem -outform PEM