INFO: What are some helpful openssl commands that I can use with Certificate Manager

Applies to:

All versions:


Using Openssl can be a tedious process, as it is all command line driven. Here are some example Openssl commands that are meant to be used in the Certificate Manager Context.


More Info:


1: This command generates a self signed certificate that expires in 20 days, and has a key strength of 1024, and is created PEM ( Privacy Enhanced Certificate) format. 


$ openssl req -x509 -nodes -days 20 -newkey rsa:1024 -keyout selfsign.pem -out selfsign.pem


2: This command shows you how to generate a certificate with a private Key using a passout command.


C:\OpenSSL\bin\openssl req -new -newkey rsa:1024 -config SSL.conf -subj "/DC=com/DC=venafi/CN=vedadmin.tmwang.com" -keyout admin.key -passout pass:foo123 -out admin.p10


3: Here is an example of the command without using the passout command.  With openssl version 1.0.1c,  you cannot use the  "passout pass:foo123" argument, and have to enter the password in when you import the key into Certificate Manger.  


C:\OpenSSL\bin\openssl req -new -newkey rsa:1024 -config SSL.conf -subj "/DC=com/DC=venafi/CN=vedadmin.tmwang.com" -keyout admin.key -out admin.p10


Please sign in to leave a comment.