OpenSSL A.00.09.08n.010, A.00.09.08n.011, and A.00.09.08n.012 release notes (5900-0899), June 2010
where:
<bits>
Specifies the size of the key.
<filename>
Specifies the file name where the key must be stored.
To create an RSA public and private key pair, use the following command:
$ openssl genrsa -out key.pem 1024
This command creates a 1024-bit key pair and stores it in a file called key.pem. The <bits>
parameter is optional. The default key size is 512 bits.
Creating a password-protected RSA key pair
Following is the syntax to create a password-protected private RSA key pair:
$ openssl genrsa -<encryption-algorithm> -out <filename> <bits>
where:
<encryption-algorithm>
Specifies the algorithm to be used for encrypting the private
key (using a password supplied by the user).
To create a password-protected private RSA key pair, use the following command:
$ openssl genrsa -des3 -out key.pem 1024
When you execute this command, the program prompts for a pass phrase (password), which is
used to encrypt the key file (with the specified algorithm). You must enter the correct pass phrase
to view the key.
Viewing an RSA key pair
Following is the syntax to view an RSA key pair:
$ openssl rsa -in <filename> -noout -text
To view the modulus, exponent, and prime values of the key, use the following command:
$ openssl rsa -in key.pem -noout -text
This command displays the key pair stored in the key.pem file. If the key pair stored in key.pem
is encrypted, then this command prompts the user for the pass phrase.
Creating an RSA certificate request
Following is the syntax to create a new certificate request:
$ openssl req -new -nodes -out <filename> -keyout <keyfile> -subj <subject>
where:
<filename>
Specifies the file to which the certificate request is written.
<keyfile>
Specifies the file to which the RSA public and private key pair for the certificate
is written.
<subject>
Specifies the subject name of the certificate.
To create an RSA certificate request, use the following command:
$ openssl req -new -nodes -out cert.txt -keyout key.pem -subj "/C=US/ST=CA/L=CITY/CN=localhost/emailAddress=root@localhost"
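An added example, not part of the release notes: a shell function that reports whether a key file such as the key.pem written by the genrsa and req -nodes commands above is pass-phrase protected and how large its modulus is, using the openssl rsa -noout -text output described earlier. The audit_key name, the KEY_PASS environment variable and the MIN_BITS default of 2048 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the release notes): audit RSA private key files.
# Assumptions: MIN_BITS is a local policy value; KEY_PASS holds the pass phrase.
MIN_BITS=${MIN_BITS:-2048}

# audit_key FILE
# Prints "<plaintext|encrypted> <bits> <ok|weak>" or "<protection> ? unreadable".
# Returns 0 only when the key could be read and meets MIN_BITS.
audit_key() {
    file=$1
    # Traditional PEM marks encryption with "Proc-Type: 4,ENCRYPTED";
    # PKCS#8 uses "BEGIN ENCRYPTED PRIVATE KEY". Both contain the same word.
    if grep -q 'ENCRYPTED' "$file" 2>/dev/null; then
        prot=encrypted
        # Read the pass phrase from the environment so it never appears in argv.
        text=$(openssl rsa -in "$file" -passin env:KEY_PASS -noout -text 2>/dev/null) || text=
    else
        prot=plaintext   # what -nodes, or genrsa without a cipher option, produces
        text=$(openssl rsa -in "$file" -noout -text 2>/dev/null) || text=
    fi
    # The first line of the -text output has the form "Private-Key: (N bit...)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    if [ -z "$bits" ]; then
        echo "$prot ? unreadable"
        return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$prot $bits weak"
        return 1
    fi
    echo "$prot $bits ok"
}

# Usage when run directly: sh audit_key.sh key.pem [more.pem ...]
for f in "$@"; do
    printf '%s: ' "$f"
    audit_key "$f" || true
done
```

A key created with the 1024-bit commands shown above is reported as weak under the assumed 2048-bit minimum, and a key written with -nodes is reported as plaintext.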
Creating a self-signed certificate
Following is the syntax to create a self-signed certificate:
$ openssl req -new -nodes -x509 -out <filename> -keyout <keyfile> -days <numdays> -subj <subject>
where:
-x509
Indicates a self-signed certificate.
<numdays>
Indicates the number of days for which the certificate is valid.