Creating a SSL Key & CSR

All done with a single command and then working through the interactive prompts and no password is mandatory, so you can just press the ‘enter’ key at the Key Password prompts..

openssl req -new -newkey rsa:2048 -nodes -keyout SERVERNAME.key -out SERVERNAME.csr

If you want to create a Key and CSR using the “SHA2” or SHA256 encryption, add the “-sha256” parameter to the above openssl command-line.

Viewing a Certificate’s details with info from

CSR Info is viewed via this command line:

openssl req -in FILE.csr -noout -text

Certificate Info is viewed via this command line:

openssl x509 -text -in FILE.crt

If you want to convert a .pfx file to a .key file, use:

openssl pkcs12 -in SERVERNAME.pfx -nocerts -nodes -out SERVERNAME.key

To convert from a PEM based or PCKS7 (.p7b) Cert file (with its key) to the .pfx format single file, use:

openssl pkcs7 -print_certs -in NAME.p7b -out NAME.cer
openssl pkcs12 -export -in NAME.cer -inkey NAME.key -out NAME.pfx

More information and details will be posted to this blog entry over time..

Here’s good openssl CSR generation info for EV based Certs in 2015:


This entry was posted in Network Presence and tagged , , , . Bookmark the permalink.

3 Responses to Creating a SSL Key & CSR

  1. Pingback: Adding SSL Certificates and settings to your cPanel VPS | Network Presence Blog

  2. richard says:

    You can “Self Sign” your SSL Certificate with a command like:

    openssl x509 -req -days 3650 -in SERVERNAME.csr -signkey SERVERNAME.key -out SERVERNAME.crt

  3. Pingback: Quick update to our SSL Certificate Linux command-… | Network Presence Blog

Comments are closed.