5.2.2 Creating a Certificate Signing Request (CSR) (certutil reqgen command)

This subsection describes how to use the certutil reqgen command to create a Certificate Signing Request (CSR). The created CSR file is submitted to the CA, which then issues the signed certificate. The CSR is created in the format conforming to PKCS #10.

Organization of this subsection
(1) Format
(2) Parameters
(3) Use example

(1) Format

certutil reqgen [-sign {MD5|SHA1|SHA224|SHA256|SHA384|SHA512}] -key key-file -out CSR-file

(2) Parameters

(3) Use example

To create the httpsdkey.pem Web server private key:

certutil reqgen -sign SHA1 -key httpsdkey.pem -out httpsd.csr

httpsdkey.pem: Key file

httpsd.csr: CSR file