Now, specify your parameter file when generating the CSR: openssl req -newkey ec:ECPARAM.pem -keyout PRIVATEKEY.key -out MYCSR.csr -out ECPARAM.pem provides a path and filename for the parameter file.If you prefer a 384-bit curve, change the portion after the colon to P-384. -pkeyopt ec_paramgen_curve:P-256 chooses a 256-bit curve.-algorithm ec specifies an elliptic curve algorithm.You could also generate a private key, but using the parameter file when generating the key and CSR ensures that you will be prompted for a pass phrase. -genparam generates a parameter file instead of a private key.openssl genpkey runs openssl’s utility for private key generation.This OpenSSL command will generate a parameter file for a 256-bit ECDSA key: openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out ECPARAM.pem To create an ECDSA private key with your CSR, you need to invoke a second OpenSSL utility to generate the parameters for the ECDSA key. You will not receive any notification that your CSR was successfully created. Upon completion of this process, you will be returned to a command prompt. The Challenge Password field is optional and can be skipped as well.The Common Name field (required) is used for the Fully Qualified Domain Name (FQDN) of the website this certificate will protect.The Organization Name field (optional) is for the name of your company or organization.The Locality Name field (optional) is for your city or town.The Country Name (optional) takes a two-letter country code.If you would like to skip an optional item, simply type enter when it appears: The Common Name field is required by SSL.com when submitting your CSR, but the others are optional. This information is also known as the Distinguished Name, or DN. You will now be prompted to enter the information which will be included into your CSR.Remember this pass phrase because you will need it again to access your private key. First create and verify a pass phrase.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |