5.2.4 Creating a Certificate Signing Request (CSR) (openssl.bat req or openssl.sh req command)
This section describes how to create a Certificate Signing Request (CSR) by using the openssl.bat req command or openssl.sh req command. The created CSR file is submitted to the CA, which then issues the signed certificate. The CSR is created in the format conforming to PKCS#10.
- Organization of this subsection
(1) Format
In Windows
openssl.bat req -new [-sha1|-sha224|-sha256|-sha384|-sha512] -key key-file -out CSR-file
In UNIX
openssl.sh req -new [-sha1|-sha224|-sha256|-sha384|-sha512] -key key-file -out CSR-file
(2) Parameters
-
[-sha1|-sha224|-sha256|-sha384|-sha512]
Specify the signature algorithm used when the CSR is created.
-sha1: sha1WithRSAEncryption is used.
-sha224: sha224WithRSAEncryption is used.
-sha256: sha256WithRSAEncryption is used.
-sha384: sha384WithRSAEncryption is used.
-sha512: sha512WithRSAEncryption is used.
-
-key key-file
Specify the Web server private key file.
-
-out CSR-file
Specify the file to which the created CSR is output.
(3) Use example
The following example shows how to create the Certificate Signing Request (CSR) httpsd.csr.
In Windows
openssl.bat req -new -sha1 -key httpsdkey.pem -out httpsd.csr
In UNIX
openssl.sh req -new -sha1 -key httpsdkey.pem -out httpsd.csr
httpsdkey.pem: Key file
httpsd.csr: CSR file