
Generating RSA Public and Private Keys
- On April 2, 2016
Installing OpenSSL
OpenSSL is officially distributed as C source code. This is not a problem on Unix systems, where a C compiler is always available. On Windows, however, you will have a hard time installing OpenSSL from source. Instead, find a pre-compiled binary version for Windows.
Go to http://gnuwin32.sourceforge.net/packages/openssl.htm, and download the “Setup” version of “Binaries”, openssl-0.9.7c-bin.exe.
Download the OpenSSL configuration file:
http://web.mit.edu/crypto/openssl.cnf
Generating Public Keys and Private Keys
1. Generate an RSA private key:
>C:\Openssl\bin\openssl.exe genrsa -out <Key Filename> <Key Size>
Where:
- <Key Filename> is the desired filename for the private key file
- <Key Size> is the desired key length of either 1024, 2048, or 4096
For example, type:
>C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048
2. Generate a Certificate Signing Request:
In version 0.9.8g:
>C:\Openssl\bin\openssl.exe req -new -key <Key Filename> -out <Request Filename> -config C:\Openssl\bin\openssl.cnf
-OR-
In version 0.9.8h and later:
>C:\Openssl\bin\openssl.exe req -new -key <Key Filename> -out <Request Filename> -config C:\Openssl\bin\openssl.cfg
Where:
- <Key Filename> is the input filename of the previously generated private key
- <Request Filename> is the output filename of the certificate signing request
For example, type:
>C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf
Follow the on-screen prompts for the required certificate request information.
3. Generate a self-signed public certificate based on the request:
>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in <Request Filename> -signkey <Key Filename> -out <Certificate Filename>
Where:
- <Request Filename> is the input filename of the certificate signing request
- <Key Filename> is the input filename of the previously generated private key
- <Certificate Filename> is the output filename of the public certificate
For example, type:
>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt
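As an added check after step 3 (example code, not from the original post), this PowerShell script confirms that the key, request and certificate belong to the same key pair by comparing their RSA modulus. It assumes the file names and OpenSSL paths used in the examples above; `Get-RsaModulus` and the 2048-bit warning threshold are choices made for this example.

```powershell
# Added example: verify the files produced in steps 1-3.
# Paths and file names are the example values used on this page.
$openssl = 'C:\Openssl\bin\openssl.exe'
$config  = 'C:\Openssl\bin\openssl.cnf'   # openssl.cfg in version 0.9.8h and later
$key     = 'my_key.key'
$csr     = 'my_request.csr'
$cert    = 'my_cert.crt'

function Get-RsaModulus {
    # Hypothetical helper: runs openssl with the given arguments and returns
    # the hex digits from its "Modulus=<hex>" output line.
    param([string[]]$OpenSslArgs)
    $line = & $openssl @OpenSslArgs |
        Where-Object { $_ -like 'Modulus=*' } |
        Select-Object -First 1
    if (-not $line) {
        throw "No modulus returned by: openssl $($OpenSslArgs -join ' ')"
    }
    return $line.Substring('Modulus='.Length)
}

# The private key must be internally consistent; openssl prints "RSA key ok".
# The output is checked because the exit code is not used here.
$check = & $openssl rsa -check -noout -in $key
if (-not ($check -match 'RSA key ok')) {
    throw "$key failed the RSA consistency check"
}

# The modulus is part of the public key, so it must be identical in all three files.
$modKey  = Get-RsaModulus -OpenSslArgs 'rsa', '-noout', '-modulus', '-in', $key
$modCsr  = Get-RsaModulus -OpenSslArgs 'req', '-noout', '-modulus', '-in', $csr, '-config', $config
$modCert = Get-RsaModulus -OpenSslArgs 'x509', '-noout', '-modulus', '-in', $cert

if ($modKey -ne $modCsr)  { throw "$csr was not generated from $key" }
if ($modKey -ne $modCert) { throw "$cert does not contain the public key of $key" }

# Each hex digit is 4 bits, so the string length gives the <Key Size> from step 1.
$bits = $modKey.Length * 4
if ($bits -lt 2048) {
    Write-Warning "Modulus is only $bits bits; this example treats anything below 2048 as too weak"
}
"Key, request and certificate match ($bits-bit modulus)"

# Show who the certificate was issued to and the validity window set by -days.
& $openssl x509 -noout -subject -dates -in $cert
```

Run it from the directory that holds the three files. A mismatch usually means the request or certificate was created from a different private key file.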