All done with a single command and then working through the interactive prompts and no password is mandatory, so you can just press the ‘enter’ key at the Key Password prompts..
openssl req -new -newkey rsa:2048 -nodes -keyout SERVERNAME.key -out SERVERNAME.csr
If you want to create a Key and CSR using the “SHA2” or SHA256 encryption, add the “-sha256” parameter to the above openssl command-line.
Viewing a Certificate’s details with info from http://www.madboa.com/geek/openssl/#cert-exam
CSR Info is viewed via this command line:
openssl req -in FILE.csr -noout -text
Certificate Info is viewed via this command line:
openssl x509 -text -in FILE.crt
If you want to convert a .pfx file to a .key file, use:
openssl pkcs12 -in SERVERNAME.pfx -nocerts -nodes -out SERVERNAME.key
To convert from a PEM based or PCKS7 (.p7b) Cert file (with its key) to the .pfx format single file, use:
openssl pkcs7 -print_certs -in NAME.p7b -out NAME.cer
openssl pkcs12 -export -in NAME.cer -inkey NAME.key -out NAME.pfx
More information and details will be posted to this blog entry over time..
Here’s good openssl CSR generation info for EV based Certs in 2015: https://certsimple.com/blog/openssl-csr-command
FYI,
Richard.
Pingback: Adding SSL Certificates and settings to your cPanel VPS | Network Presence Blog
You can “Self Sign” your SSL Certificate with a command like:
openssl x509 -req -days 3650 -in SERVERNAME.csr -signkey SERVERNAME.key -out SERVERNAME.crt
Pingback: Quick update to our SSL Certificate Linux command-… | Network Presence Blog