G.2 Creating a Certificate Signing Request (CSR) (certutil reqgen command)
This section describes how to use the certutil reqgen command to create a Certificate Signing Request (CSR). The created CSR file is submitted to the CA, which then issues the signed certificate. The CSR is created in a format conforming to PKCS #10.
Format
certutil reqgen [-sign signature-algorithm] -key key-file -out CSR-file
Arguments
- -sign signature-algorithm
  Specify the signature algorithm used when the CSR is created. The following signature algorithms can be specified:
  - MD5
    md5WithRSAEncryption is used.
  - SHA1
    sha1WithRSAEncryption is used.
  - SHA224
    sha224WithRSAEncryption is used.
  - SHA256
    sha256WithRSAEncryption is used.
  - SHA384
    sha384WithRSAEncryption is used.
  - SHA512
    sha512WithRSAEncryption is used.
  If this argument is omitted, SHA1 is assumed.
- -key key-file
  Specify the Web server private key file. Specify the private key file created by using the keygen command.
- -out CSR-file
  Specify the file to which the created CSR is output.
Example
To create a Certificate Signing Request (CSR) by using the Web server private key file httpsdkey.pem, specify as follows:
certutil reqgen -sign SHA1 -key httpsdkey.pem -out httpsd.csr
If you have set a password when creating the private key for the Web server, you are prompted to enter the password. For the items to be set, follow the instructions from the CA to which you submit the Certificate Signing Request (CSR).
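Because SHA1 is assumed when -sign is omitted, it is useful to confirm which signature algorithm a generated CSR actually carries before submitting it. The following is an added example, not part of the original manual or the product: it reads the signatureAlgorithm field of a PKCS #10 request and rejects md5WithRSAEncryption and sha1WithRSAEncryption, whose digests have practical collision attacks. The function names, the acceptance of either PEM or DER input, and the constructed sample bytes are assumptions.

```python
import base64
import re

# DER bytes of OID 1.2.840.113549.1.1.N; N selects the PKCS #1 signature algorithm.
PKCS1_PREFIX = bytes.fromhex("2a864886f70d0101")
SIG_ALGS = {4: "md5WithRSAEncryption", 5: "sha1WithRSAEncryption",
            14: "sha224WithRSAEncryption", 11: "sha256WithRSAEncryption",
            12: "sha384WithRSAEncryption", 13: "sha512WithRSAEncryption"}
WEAK = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}  # collision-prone digests

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def to_der(data):
    """Accept a PEM or raw DER CSR (the file encoding is an assumption)."""
    m = re.search(rb"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)-----END", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def csr_signature_algorithm(data):
    """Name the signatureAlgorithm of a PKCS #10 CertificationRequest."""
    der = to_der(data)
    tag, start, _ = read_tlv(der, 0)              # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, info_end = read_tlv(der, start)         # certificationRequestInfo, skipped
    _, alg_start, _ = read_tlv(der, info_end)     # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    oid = der[oid_start:oid_end]
    if tag != 0x06 or oid[:-1] != PKCS1_PREFIX:
        return "unknown"
    return SIG_ALGS.get(oid[-1], "unknown")

def csr_is_acceptable(data):
    return csr_signature_algorithm(data) in set(SIG_ALGS.values()) - WEAK

def sample_csr(n):
    """Constructed skeleton (empty request info, dummy signature), not a real CSR."""
    return bytes.fromhex("30153000300d06092a864886f70d0101%02x050003020000" % n)
```

To check a real file, pass its bytes, for example `csr_is_acceptable(open("httpsd.csr", "rb").read())`.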