It is OpenSSL that can create a private key and CSR, but I often do not understand the meaning of the command and tend to copy and paste, so check again
Generate a SHA256 character string from the current date. Not sure if you need to specify an encryption algorithm here
$ date | openssl dgst -sha256 > sample.dat
$ less random.dat
(stdin)= fcc7bad796f3b5aa20c3481fa2790669ceb9d3d8565091d1f39a50083123ab52
Create a 2048bit private key from the digest using 3DES (Triple DES).
$ openssl genrsa -rand sample.dat -des3 2048 > sample.key
$ less sample.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CB8C441AE01D6315
yLk0ZJhLYkl8sWJC170WJ2CKIixBy6zlGCEwJCq13N39GUj4Tr20HqRzlbmtKQtv
lz93DjRSQ4uhA2EjwD7JTlHtsxEwhLYW1iKsodzBZ40e0on0sk6kK9i3/WUEHuLK
<<abridgement>>
-----END RSA PRIVATE KEY-----
3DES is as follows. In other words, one encryption key is created using three encryption keys. .. ..
3DES is one of the processing methods devised to improve the security of the encryption method DES (Data Encryption Standard). It is difficult to decrypt by repeating the encryption and decryption process by DES three times using two or three different encryption keys. Source: What is 3DES (Triple DES) --IT Glossary
Create a CSR from the private key. The Base64-encoded CSR is called the "PKCS # 10" format. (See RFC-2986)
$ openssl req -new -sha256 -key sample.key -out sample.csr
$ less sample.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC0jCCAboCAQAwYzELMAkGA1UEBhMCYWExCzAJBgNVBAgMAmphMQswCQYDVQQH
DAJqYTELMAkGA1UECgwCamExDDAKBgNVBAsMA2FqYTEMMAoGA1UEAwwDYWphMREw
<<abridgement>>
-----END CERTIFICATE REQUEST-----
$ openssl req -in sample.csr -text
Recommended Posts