CCIE-W Lab: Generate a CSR with a file encrypted Private Key using OpenSSL
Overview: The requirement is to create a CSR and an encrypted private key. Newer versions of OpenSSL by default generate a CSR with an unencrypted private key file.
Kit: OpenSSL 1.0.2
Windows 2016 Server CA
Steps:
Open CMD prompt as administrator and open the OpenSSL folder (C:\openssl)
Type the command below to generate a private key that is file encrypted. You will be prompted for the password to access the file.
openssl genrsa -des3 -out domain.key 2048
Type the below command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domain.key -out domain.csr
Open the private key file (c:\openssl\domain.key) using notepad. The private key file should have the following at the top.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,25EE2AF357352292
Overview: Requirement to convert the Root CA certificate to PEM format
Kit: OpenSSL 1.0.2
Windows 2016 Server CA
Steps:
Copy the Root CA certificate (root.cer) to the OpenSSL bin folder (C:\openssl\bin)
Open CMD prompt as administrator and open the OpenSSL folder (C:\openssl)
Type the following command to convert the DER certificate (root.cer) to PEM format (root.pem)
openssl x509 -inform der -in root.cer -out root.pem
Check the root.pem file is created. (C:\openssl\bin)
Notice the difference between both certificate formats using notepad
Open root.pem file with notepad.
Open root.cer using notepad.
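The two Notepad checks above (the encrypted-key header at the top of domain.key, and the DER versus PEM difference between root.cer and root.pem) can be scripted. The Python below is an added example, not part of the original lab: the function name inspect_key_or_cert is hypothetical, the sample key bodies and DER bytes are constructed placeholders, and it goes slightly beyond the lab by also recognising the PKCS#8 "ENCRYPTED PRIVATE KEY" label.

```python
import re

# One PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_key_or_cert(data: bytes) -> dict:
    """Classify a file as DER or PEM and report private-key encryption."""
    result = {"format": "unknown", "label": None,
              "encrypted": None, "cipher": None}
    match = PEM_BLOCK.search(data.decode("ascii", errors="ignore"))
    if match is None:
        # Binary DER begins with the ASN.1 SEQUENCE tag 0x30.
        if data[:1] == b"\x30":
            result["format"] = "der"
        return result
    label, body = match.group(1), match.group(2)
    result.update(format="pem", label=label)
    # Header lines precede the base64 body; base64 never contains ':'.
    headers = {}
    for line in body.splitlines():
        if ":" not in line:
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the cipher is inside the ASN.1 structure, not in a header.
        result["encrypted"] = True
    elif label.endswith("PRIVATE KEY"):
        result["encrypted"] = headers.get("Proc-Type") == "4,ENCRYPTED"
        if result["encrypted"]:
            result["cipher"] = headers.get("DEK-Info", "").split(",")[0] or None
    return result

# Constructed samples: header lines as shown in the lab, placeholder bodies.
ENCRYPTED_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                 b"Proc-Type: 4,ENCRYPTED\n"
                 b"DEK-Info: DES-EDE3-CBC,25EE2AF357352292\n\n"
                 b"Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
             b"Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
DER_CERT = b"\x30\x82\x03\x4a" + b"\x00" * 8  # constructed DER-like prefix

if __name__ == "__main__":
    for name, blob in [("encrypted", ENCRYPTED_KEY), ("plain", PLAIN_KEY),
                       ("der", DER_CERT)]:
        print(name, inspect_key_or_cert(blob))
```

A result of encrypted False for domain.key means the -des3 option was not applied and the key is stored in clear text on disk.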