S-a-t
asked on
SSL - Generate .key (private key) and .csr (certificate signing request) so that someone else can generate .crt (certificate) for web service
Hi experts,
I was following this document
http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
but it asks for pass phrase while generating .key, same with .csr
I read in below document, that -nodes can be used so that I don't have to enter password when daemon starts
https://www.madboa.com/geek/openssl/#cert-self
The command I tried was below
openssl req -x509 -nodes -sha1 -newkey rsa:2048 -keyout server.key -out server.csr
What it did is generated .key and .csr as I have specified
.key file begins with below, which seems to be fine
-----BEGIN PRIVATE KEY-----
but .csr begins with below, which I am having doubt
-----BEGIN CERTIFICATE-----
because if that is certificate then I do not have to give .csr file to someone (admin) to get .crt (certificate)
which is not what is planned
I have to get .key and .csr and handover .csr to someone (admin) and he will give me .crt
that is the plan
Need your help to understand the commands to use, if possible please specify what command I can use in this case.
I was following this document
http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
but it asks for pass phrase while generating .key, same with .csr
I read in below document, that -nodes can be used so that I don't have to enter password when daemon starts
https://www.madboa.com/geek/openssl/#cert-self
The command I tried was below
openssl req -x509 -nodes -sha1 -newkey rsa:2048 -keyout server.key -out server.csr
What it did is generated .key and .csr as I have specified
.key file begins with below, which seems to be fine
-----BEGIN PRIVATE KEY-----
but .csr begins with below, which I am having doubt
-----BEGIN CERTIFICATE-----
because if that is certificate then I do not have to give .csr file to someone (admin) to get .crt (certificate)
which is not what is planned
I have to get .key and .csr and handover .csr to someone (admin) and he will give me .crt
that is the plan
Need your help to understand the commands to use, if possible please specify what command I can use in this case.
that the CSR only you need to provide this CSR and key file to admin, so that he can generate cert of you and you can install it.
ASKER
Thanks Gaurav!
but .key file is private key, why would I give it to Admin?
I think he just needs .csr file.
Also, if I don't specify "-des3" options I think it generated without password because it didn't ask for it.
and, I didn't specify any expiry with "-days" option so I think it will be non expiry .key, .csr right?
but .key file is private key, why would I give it to Admin?
I think he just needs .csr file.
Also, if I don't specify "-des3" options I think it generated without password because it didn't ask for it.
and, I didn't specify any expiry with "-days" option so I think it will be non expiry .key, .csr right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No one answered, I did own research and found the answer.