OpenSSL Generate 4096-bit Certificate (Public/Private Key Encryption) with SHA256 Fingerprint
  1. Openssl Generate Rsa 2048 Key Generator
gencert.sh
# Generate Private Key and Certificate using RSA 256 encryption (4096-bit key)
openssl req -x509 -newkey rsa:4096 -keyout privatekey.pem -out certificate.pem -days 365
# Alternatively, setting the '-newkey' parameter to 'rsa:2048' will generate a 2048-bit key.
# Generate PKCS#12 (P12) file for cert; combines both key and certificate together
openssl pkcs12 -export -inkey privatekey.pem -in certificate.pem -out cert.pfx
# Generate SHA256 Fingerprint for Certificate and export to a file
openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate.pem >> fingerprint.txt
# Generate SHA1 Fingerprint for Certificate and export to a file
#openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem >> fingerprint.txt
# FYI, it's best practice to use SHA256 instead of SHA1 for better security, but this shows how to do it if you REALLY need to.
Openssl Generate Rsa 2048 Key

How to Generate a CSR for Apache Web Server Using OpenSSL The following instructions will guide you through the CSR generation process on Apache OpenSSL. To learn more about CSRs and the importance of your private key, reference our.

commented Nov 7, 2019

Here's a couple useful links related to this:

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

To perform the following actions for Windows or Linux, you must have OpenSSL installed on your system.

Generating the Private Key -- Windows

In Windows:

1. Open the Command Prompt (Start > Programs > Accessories > Command Prompt).

2. Navigate to the following folder:

Openssl Generate Rsa 2048 Key Generator

C:Program FilesListManagertclwebbincerts

3. Type the following:

openssl genrsa -out rsa.private 1024

4. Press ENTER. The private key is generated and saved in a file named 'rsa.private' located in the same folder.

NOTE The number '1024' in the above command indicates the size of the private key. You can choose one of five sizes: 512, 758, 1024, 1536 or 2048 (these numbers represent bits). The larger sizes offer greater security, but this is offset by a penalty in CPU performance. We recommend the best practice size of 1024.

Generating the Public Key -- Windows

1. At the command prompt, type the following:

openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

2. Press ENTER. The public key is saved in a file named rsa.public located in the same folder.

Generating the Private Key -- Linux

1. Open the Terminal.

2. Navigate to the folder with the ListManager directory.

3. Type the following:

openssl genrsa -out rsa.private 1024

4. Press ENTER. The private key is generated and saved in a file named 'rsa.private' located in the same folder.

Generating the Public Key -- Linux

1. Open the Terminal.

2. Type the following:

openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

2. Press ENTER. The public key is saved in a file named rsa.public located in the same folder.

Coments are closed
Scroll to top