> From: owner-openssl-us...@openssl.org On Behalf Of Bob Bell (rtbell) > Sent: Wednesday, 02 March, 2011 13:33
> I am trying to generate a PKCS#10 certificate request with a > pre-existing RSA public/private key pair that was generated using genpkey. > The actual command is openssl genpkey -out Keys.bin -outform DER > -algorithm rsa -pkeyopt rsa_keygen_bits:2048 > Could someone please provide me with information on how to do this? > Sorry for the relatively newby question, but I have tried to dig it out > of the documentation without success. 'man req' if on Unix and you're using the installed openssl (or you adjust MANPATH or equivalent to another copy). It's about 10 screens so I'm not going to copy it here. 'openssl req -?' (hyphen question) for a brief summary. This utility can display/modify an existing CSR, OR create a new one for either an existing keypair or a new keypair, OR create a selfsigned cert from a CSR or directly from a keypair. (Since you want a request, you presumably don't want selfsigned.) For your case do 'openssl req -new -key Keys.bin -keyform DER' and: - use the standard config file (or a copy) and be prompted for the DN fields, and 'extra' attributes (not usually needed); - use a modified config file that sets these fields; or - add -subj to enter (only) the DN fields exactly right PS- According to my network monitor, the CRL fetched from Comodo to validate your email signing cert is nearly a megabyte! Yowza! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
