https://logicwiki.co.uk/index.php?action=history&feed=atom&title=Creating_Public_and_Private_Keys_with_OpenSSLCreating Public and Private Keys with OpenSSL - Revision history2026-04-16T04:12:22ZRevision history for this page on the wikiMediaWiki 1.26.2https://logicwiki.co.uk/index.php?title=Creating_Public_and_Private_Keys_with_OpenSSL&diff=2243&oldid=prevAliIybar: Created page with "Category:SSL Category:Security == Preparation == in Windows : install WSL Ubuntu from [https://ubuntu.com/wsl https://ubuntu.com/wsl] and install openssl sudo apt..."2021-11-19T11:23:29Z<p>Created page with "<a href="/index.php?title=Category:SSL&action=edit&redlink=1" class="new" title="Category:SSL (page does not exist)">Category:SSL</a> <a href="/Category:Security" title="Category:Security">Category:Security</a> == Preparation == in Windows : install WSL Ubuntu from [https://ubuntu.com/wsl https://ubuntu.com/wsl] and install openssl sudo apt..."</p>
<p><b>New page</b></p><div>[[Category:SSL]]<br />
[[Category:Security]]<br />
== Preparation == <br />
in Windows : install WSL Ubuntu from [https://ubuntu.com/wsl https://ubuntu.com/wsl]<br />
<br />
and install openssl <br />
sudo apt install openssl<br />
<br />
== Generating an RSA Private Key Using OpenSSL ==<br />
openssl genrsa -out private-key.pem 3072<br />
In this example, I have used a key length of 3072 bits. While 2048 is the minimum key length, it is recommended that you use 3072. This gives you 128-bit security.<br />
<br />
This gives you a PEM file containing your RSA private key, which should look something like the following:<br />
<pre><br />
-----BEGIN RSA PRIVATE KEY-----<br />
MIIG4wIBAAKCAYEA1MSdsaPH2ShtjOo4c02+DbYcTdwUBLY+vNSXr2tV8/jGU059<br />
... (I CUT THESE LINES TO MAKE IT SHORTER)<br />
UuP3ai7zn++ag7Lu1QEm5pQAd2n+zMuKZbBISVA9fPbC9RkJX66E4zVbsEUnDDBD<br />
9Rlu+3Dc0LwSjtAxXPDInmEh2mp3O/aZtMPVUPgDA4Ig7GbQC6W/<br />
-----END RSA PRIVATE KEY-----<br />
</pre><br />
<br />
== Creating an RSA Public Key from a Private Key Using OpenSSL ==<br />
openssl rsa -in private-key.pem -pubout -out public-key.pem<br />
<br />
This should give you another PEM file, containing the public key:<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA1MSdsaPH2ShtjOo4c02+<br />
... (I CUT THESE LINES TO MAKE IT SHORTER)<br />
Snfpos7IxUTATpd6KTWUV3snVQnyiltCI1BHJC01sWePAgMBAAE=<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
== Creating an RSA Self-Signed Certificate Using OpenSSL ==<br />
Now that you have a private key, you can use it to generate a self-signed certificate. This is not required, but it allows you to use the key for server/client authentication, or gain X509 specific functionality in technologies such as JWT and SAML.<br />
openssl req -new -x509 -key private-key.pem -out cert.pem -days 360<br />
This will again generate yet another PEM file, this time containing the certificate created by your private key:<br />
<pre> <br />
-----BEGIN CERTIFICATE-----<br />
MIIEazCCAtOgAwIB....<br />
</pre><br />
You could leave things there, but often, when working on Windows, you will need to create a PFX file that contains both the certificate and the private key for you to export and use.<br />
<br />
You can do this using OpenSSL’s pkcs12 command:<br />
openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx<br />
OpenSSL will ask you to create a password for the PFX file. Feel free to leave this blank.<br />
<br />
This should leave you with a certificate that Windows can both install and export the RSA private key from.<br />
<br />
<br />
-------------------------<br />
see also : [https://ubuntu.com/wsl https://ubuntu.com/wsl]</div>AliIybar