OpenSSL provides a range of features for security and certificates, including public and private key cryptography. Websites, firewalls and other applications use certificates to encrypt their network traffic or to authenticate each other. In this tutorial we will look at how to create a Certificate Signing Request (CSR).
Generate RSA Key
Now we assume we do not have a public and private key pair. If we already have one, skip to the second step. RSA is a very popular and efficient asymmetric encryption algorithm used by a lot of security mechanisms. We can also use RSA in X509 certificates. In this step we will create an RSA private key in PEM format. This key size will be
$ openssl genrsa -out myprivate.pem 2048
Certificate signing means that a Certificate Authority (CA) has checked the provided certificate and signed it with its private key. After that step, the entities that trust the Certificate Authority will see and check the signature of the Certificate Authority in the signed certificate. In order to have a certificate signed, we need to create a Certificate Signing Request (CSR), which is described below.
Create Certificate Signing Request (CSR)
We will generate a Certificate Signing Request (CSR) by pointing to our private key. We will use the req verb of OpenSSL. We will use -sha256 as the digest algorithm. The Certificate Signing Request file will be specified with the -out option and will have
$ openssl req -new -sha256 -key myprivate.pem -out myrequest.csr
Verify Certificate Signing Request (CSR)
After creating a Certificate Signing Request we can view the file and review it. We will use the req verb again. We will use the -text option to print it to the shell.
$ openssl req -noout -text -in myrequest.csr
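Beyond viewing the request, it is worth checking before submission that the CSR's self-signature is valid and that it was made from the intended private key. The script below is an added example, not part of the original tutorial; it goes one step further than the -text review above, and the function names, file names and www.example.com are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. File names and www.example.com are constructed placeholders.

# make_csr KEY CSR CN: create a 2048-bit RSA key and a SHA-256 CSR for it.
make_csr() {
    # umask 077 keeps the new private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    # -subj supplies the subject on the command line, so req does not prompt.
    openssl req -new -sha256 -key "$1" -out "$2" -subj "/CN=$3"
}

# pub_hash: SHA-256 of the PEM public key read from stdin.
pub_hash() { openssl dgst -sha256 | awk '{print $NF}'; }

# check_csr KEY CSR: prints "ok" and returns 0 only if the CSR's
# self-signature verifies and its public key matches KEY.
check_csr() {
    # Match on the message rather than relying on the exit status alone.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "bad signature"; return 1; }
    # Compare the public key derived from the private key with the one
    # embedded in the CSR; a mismatch means the CSR belongs to another key.
    key_fp=$(openssl pkey -in "$1" -pubout | pub_hash)
    csr_fp=$(openssl req -in "$2" -noout -pubkey | pub_hash)
    [ "$key_fp" = "$csr_fp" ] || { echo "key mismatch"; return 2; }
    echo "ok"
}

# Run with --demo to generate and check the files used in this tutorial.
if [ "${1:-}" = "--demo" ]; then
    make_csr myprivate.pem myrequest.csr www.example.com &&
        check_csr myprivate.pem myrequest.csr
fi
```

Only the CSR is sent to the Certificate Authority; the private key file stays on the machine that generated it.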
Submit To The Certificate Authority
The last step is sending this myrequest.csr file to a Certificate Authority like the ones below. By the way, naming our CSR after our URL will make it more practical and easy to read, like
- Let's Encrypt