LibraryToggle FramesPrintFeedback

The options supported by the openssl req utility are as follows:

-inform arg

input format - one of DER TXT PEM


arg output format - one of DER TXT PEM

-in arg

inout file

-out arg

output file


text form of request


do not output REQ


verify signature on REQ


RSA modulus


do not encrypt the output key

-key file

use the private key contained in file

-keyform arg

key file format

-keyout arg

file to send the key to

-newkey rsa:bits

generate a new RSA key of ‘bits’ in size

-newkey dsa:file

generate a new DSA key, parameters taken from CA in ‘file’


Digest to sign with (md5, sha1, md2, mdc2)

-config file

request template file


new request


output an x509 structure instead of a certificate req. (Used for creating self signed certificates)


number of days an x509 generated by -x509 is valid for


by default, the req command generates the correct PKCS#10 format for certificate requests that contain no attributes. However, certain CAs only accept requests containing no attributes in an invalid form: this option produces this invalid format.

Comments powered by Disqus
loading table of contents...