5.2.9 Usage examples of the openssl.bat and openssl.sh commands
This subsection provides examples of how to use the openssl.bat and openssl.sh commands. The information provided in the following examples, such as for the Common Name item, is fictitious, and any connection with real individuals is purely coincidental.
(1) Generating a private key (openssl.bat or openssl.sh command)
(a) When using RSA encryption
The following example shows how to use the commands to generate a private key for RSA encryption.
- Usage example (in Windows)
    # openssl.bat genrsa -rand file -out httpsdkey.pem 1024
    Generating RSA private key, 1024 bit long modulus
    ...............++++++
    ..............................++++++
    e is 65537 (0x10001)
    #
- Usage example (in UNIX)
    # openssl.sh genrsa -rand file -out httpsdkey.pem 1024
    Generating RSA private key, 1024 bit long modulus
    ...............++++++
    ..............................++++++
    e is 65537 (0x10001)
    #
- Contents of the private key for RSA encryption
The contents of the private key for RSA encryption are as follows:
(b) When using elliptic curve cryptography
The following example shows how to use the commands to generate a private key for elliptic curve cryptography.
- Usage example (in Windows)
    # openssl.bat ecparam -genkey -noout -rand file -name P-256 -out httpsdkey-tmp.pem
    #
- Usage example (in UNIX)
    # openssl.sh ecparam -genkey -noout -rand file -name P-256 -out httpsdkey-tmp.pem
    #
The following example shows how to use the command to convert a generated private key to the PKCS#8 format.
- Usage example (in Windows)
    # openssl.bat pkcs8 -topk8 -in httpsdkey-tmp.pem -out httpsdkey-ecc.pem -nocrypt
    #
- Usage example (in UNIX)
    # openssl.sh pkcs8 -topk8 -in httpsdkey-tmp.pem -out httpsdkey-ecc.pem -nocrypt
    #
- Contents of the private key for elliptic curve cryptography
The contents of the private key for elliptic curve cryptography are as follows:
    -----BEGIN PRIVATE KEY-----
    MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg5s6WeJmSoxeX+rw3
    5cYub8aXBI4YdczVkpW10kbTtdShRANCAAQXh6wOloXxP2NZ2/wqvL5PZUEyJB1o
    ZZc3zWVE9BTkx6sC46euFBrZ0ha5A+P9WwcdsC4IjaY09mf+rTeAmpgG
    -----END PRIVATE KEY-----
(2) Creating a Certificate Signing Request (CSR) (openssl.bat req or openssl.sh req command)
The following example shows how to use the commands to create a Certificate Signing Request (CSR). Submit the created CSR file to a CA to receive a signed certificate. Note that if you set a password when creating the private key of the Web server, you are also requested to enter the private key password when creating the CSR.
Specify the items and contents according to the instructions provided by the CA to which the CSR is submitted.
- Usage example (in Windows)
    # openssl.bat req -new -sha1 -key httpsdkey.pem -out httpsd.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:JP
    State or Province Name (full name) [Some-State]:Kanagawa
    Locality Name (eg, city) []:Yokohama-shi
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:HITACHI
    Organizational Unit Name (eg, section) []:WebSite
    Common Name (e.g. server FQDN or YOUR name) []:www.hws.hitachi.co.jp
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    #
- Usage example (in UNIX)
    # openssl.sh req -new -sha1 -key httpsdkey.pem -out httpsd.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:JP
    State or Province Name (full name) [Some-State]:Kanagawa
    Locality Name (eg, city) []:Yokohama-shi
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:HITACHI
    Organizational Unit Name (eg, section) []:WebSite
    Common Name (e.g. server FQDN or YOUR name) []:www.hws.hitachi.co.jp
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    #
- CSR format
The CSR format is as follows:
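A pre-submission check for the CSR created in (2), given here as an added example that is not part of the manual: it reads the text dump of a CSR and flags RSA keys under 2048 bits and MD5 or SHA-1 request signatures, which is what the `genrsa ... 1024` and `req -sha1` parameters shown above produce. The `-in`, `-noout` and `-text` options are stock OpenSSL `req` options assumed to pass through the wrapper; the function names, the two floors and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Assumed input: the output of
#   openssl.sh req -in httpsd.csr -noout -text
MIN_RSA_BITS=2048   # assumed policy floor for RSA keys
MIN_EC_BITS=256     # assumed policy floor for elliptic curve keys

# Reads the dump on stdin and prints one finding per line.
# Exit status: 0 = no findings, 1 = at least one finding (or unparsable input).
audit_csr_text() {
    awk -v rsa="$MIN_RSA_BITS" -v ec="$MIN_EC_BITS" '
        /Public Key Algorithm:/ { alg = $NF }
        /Public[- ]Key: \([0-9]+ bit\)/ {
            match($0, /\([0-9]+ bit\)/)
            bits = substr($0, RSTART + 1, RLENGTH - 6) + 0
        }
        /Signature Algorithm:/ { sig = $NF }
        END {
            if (alg == "" || bits == 0 || sig == "") {
                print "UNPARSED: input is not a CSR text dump"; exit 1
            }
            min = (alg == "id-ecPublicKey") ? ec : rsa
            if (bits < min) { print "WEAK-KEY: " alg " " bits " bit, floor " min; n++ }
            if (tolower(sig) ~ /md5|sha1/) { print "WEAK-DIGEST: " sig; n++ }
            exit (n > 0)
        }'
}

# Constructed dump with the parameters used on this page (1024-bit RSA, -sha1).
sample_page_csr() {
    cat <<'EOF'
Certificate Request:
        Subject: C=JP, ST=Kanagawa, L=Yokohama-shi, O=HITACHI, OU=WebSite, CN=www.hws.hitachi.co.jp
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Constructed dump for a P-256 key whose request is signed with SHA-256.
sample_ec_csr() {
    cat <<'EOF'
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
    Signature Algorithm: ecdsa-with-SHA256
EOF
}

sample_page_csr | audit_csr_text || echo "policy: do not submit this CSR"
```
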