G.2 Creating a Certificate Signing Request (CSR) (openssl.bat req command)
This section describes how to use the certutil reqgen command to create a Certificate Signing Request (CSR). The created CSR file is submitted to the CA, which then issues the signed certificate. The CSR is created in the format conforming to PKCS #10.
Format
openssl.bat req -new [-md5|-sha1|-sha224|-sha256|-sha384|-sha512] -key key-file -out CSR-file
Operand
- [-md5|-sha1|-sha224|-sha256|-sha384|-sha512]
-
Specify the signature algorithm used when the CSR is created.
-
-md5: md5WithRSAEncryption is used.
-
-sha1: sha1WithRSAEncryption is used.
-
-sha224: sha224WithRSAEncryption is used.
-
-sha256: sha256WithRSAEncryption is used.
-
-sha384: sha384WithRSAEncryption is used.
-
-sha512: sha512WithRSAEncryption is used.
If this operand is omitted, -sha256 is assumed.
-
- -key key-file
-
Specify the Web server private key file. Specify the private key file created by using the keygen command.
- -out CSR-file
-
Specify the file to which the created CSR is output.
Example
To create a Certificate Signing Request (CSR) by using the Web server private key file httpsdkey.pem, specify as follows:
openssl.bat req -new -sha256 -key httpsdkey.pem -out httpsd.csr
If you have set a password when creating the private key for the Web server, you are prompted to enter the password. For the items to be set, follow the instructions from the CA to which you submit the Certificate Signing Request (CSR).