Many OpenSSL commands require reading in a private key. While you can often create of a private key in the course of running the command, you may want to have a single key that you use for multiple commands. To create a private key, use the following openssl command:

    > openssl genrsa -des3 -out key.pem 2048
    Generating RSA private key, 2048 bit long modulus
    ......++++++
    .................++++++
    e is 65537 (0x10001)
    Enter pass phrase for key.pem:
    Verifying - Enter pass phrase for key.pem:
    >

Here's an explanation of the command line options:

    * -des3 - an optional parameter to encrypt the private key with a triple DES cipher. With this option, you are prompted for a password which must be at least 4 characters long. If you do not want to be private key to be encrypted, omit this command line option.
    * -out key.pem - write out the private key to the file key.pem.
    * 2048 - generate a private key of type RSA of length 2048 bits. The minimum value is 512. Many people like to use 2048 for a more secure key.