User Tools

Site Tools


howtos:create_a_private_key

Many OpenSSL commands require reading in a private key. While you can often create of a private key in the course of running the command, you may want to have a single key that you use for multiple commands. To create a private key, use the following openssl command:

  > openssl genrsa -des3 -out key.pem 2048
  Generating RSA private key, 2048 bit long modulus
  ......++++++
  .................++++++
  e is 65537 (0x10001)
  Enter pass phrase for key.pem:
  Verifying - Enter pass phrase for key.pem:
  >

Here's an explanation of the command line options:

  • -des3 - an optional parameter to encrypt the private key with a triple DES cipher. With this option, you are prompted for a password which must be at least 4 characters long. If you do not want to be private key to be encrypted, omit this command line option.
  • -out key.pem - write out the private key to the file key.pem.
  • 2048 - generate a private key of type RSA of length 2048 bits. The minimum value is 512. Many people like to use 2048 for a more secure key.
howtos/create_a_private_key.txt · Last modified: 02/12/2018 20:34 by 127.0.0.1