Many OpenSSL commands require reading in a private key. While you can often create of a private key in the course of running the command, you may want to have a single key that you use for multiple commands. To create a private key, use the following openssl command:
> openssl genrsa -des3 -out key.pem 2048 Generating RSA private key, 2048 bit long modulus ......++++++ .................++++++ e is 65537 (0x10001) Enter pass phrase for key.pem: Verifying - Enter pass phrase for key.pem: >
Here's an explanation of the command line options:
- -des3 - an optional parameter to encrypt the private key with a triple DES cipher. With this option, you are prompted for a password which must be at least 4 characters long. If you do not want to be private key to be encrypted, omit this command line option.
- -out key.pem - write out the private key to the file key.pem.
- 2048 - generate a private key of type RSA of length 2048 bits. The minimum value is 512. Many people like to use 2048 for a more secure key.