Virginia Tech Certification Authority

OpenSSL + Related

OpenSSL Instructions for Generating CSRs

Using OpenSSL to generate a CSR (Certificate Signing Request) for a VT Global Qualified Web Server or Middleware Certificate:

NOTE: It is recommended that the native Windows Server certmanager utility be used to create CSRs (certificate signing requests); however, OpenSSL may also be used to perform this function.

If needed, use the links below to download and install the most current recommended version of OpenSSL. OpenSSL is free to download and use.

  1. OpenSSL is a command line program. From the Windows XP menu select "Run" -> cmd [Enter]; Vista and Win 7 users can type cmd [Enter] in the Start -> "Search Programs and Files" box. In the resulting DOS box, type cd c:\openssl\bin or cd c:\openssl-win64\bin as the case may be.

  2. Generate the RSA key pair and certificate signing request (CSR) as follows (use the default file names key.pem and req.pem or substitute your own file names). You must specify your key size to be at least 2048 bits.
    $ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem -nodes

    If you wish to encrypt your private key then do not include the -nodes option.

  3. The previous command will result in a dialog with openssl that requests DN attributes to complete the CSR. There are no special requirements to include specific DN attributes in the CSR that you generate. You may simply respond to the prompts and provide values for the default attributes that are presented in the dialog. For example:

    Country Name (2 letter code) [AU]: press enter for default
    State or Province Name (full name) [Some-State]: press enter for default
    Locality Name (eg, city) [ ]: press enter for default
    Organization Name (eg, company) [internet Widgets Pty Ltd]: press enter for default
    Organizational Unit Name (eg, section) [ ]: press enter for default
    Common Name (eg, YOUR name) [ ]: press enter for default
    Email Address [ ]: press enter for default
    'Extra' Attributes:

    A challenge password [ ]: press enter for default
    An optional company name [ ]: press enter for default

Important: Be sure to keep all of the files created in the above procedure and any passwords used in a safe place.
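
A check to run after step 3 and before submitting req.pem, added here as an example and not part of the original instructions: it confirms the CSR's self-signature, the 2048-bit minimum from step 2, and that key.pem really is the private key behind req.pem. It assumes a POSIX shell with openssl on the PATH; the function name check_csr and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a key/CSR pair before sending the CSR to the CA.
# Usage: sh check_csr.sh key.pem req.pem [min_bits]   (script name is hypothetical)

check_csr() {
    key=$1; csr=$2; min_bits=${3:-2048}; rc=0

    # 1. The CSR's self-signature must verify (proof of possession of the key).
    #    Match on the message text: older openssl builds exit 0 even on failure.
    if openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "OK:   CSR self-signature verifies"
    else
        echo "FAIL: CSR self-signature does not verify"; rc=1
    fi

    # 2. The public key must meet the minimum size required in step 2.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ]; then
        echo "OK:   key size is $bits bits (minimum $min_bits)"
    else
        echo "FAIL: key size '${bits:-unknown}' is below $min_bits bits"; rc=1
    fi

    # 3. The CSR must carry the public half of *this* private key.
    #    (openssl prompts for the pass phrase if the key is encrypted.)
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]; then
        echo "OK:   private key matches the CSR"
    else
        echo "FAIL: private key does not match the CSR"; rc=1
    fi

    # 4. Report whether the key file is stored encrypted (-nodes leaves it in the clear).
    if grep -q 'ENCRYPTED' "$key"; then
        echo "NOTE: private key is pass-phrase protected"
    else
        echo "WARN: private key is unencrypted; restrict access to $key"
    fi
    return "$rc"
}

# Run the check when the script is given a key file and a CSR file.
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

A non-zero exit status means the pair should be regenerated rather than submitted.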

For more information on using openssl, see the manual page for the openssl command line tool.

Last updated on September 2, 2013