2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-req - PKCS#10 certificate request and certificate generating utility
12 [B<-inform> B<DER>|B<PEM>]
13 [B<-outform> B<DER>|B<PEM>]
25 [B<-pkeyopt> I<opt>:I<value>]
28 [B<-keyform> B<DER>|B<PEM>]
29 [B<-keyout> I<filename>]
30 [B<-keygen_engine> I<id>]
32 [B<-config> I<filename>]
40 [B<-extensions> I<section>]
41 [B<-reqexts> I<section>]
47 [B<-sigopt> I<nm>:I<v>]
50 [B<-sm2-id> I<string>]
51 [B<-sm2-hex-id> I<hex-string>]
52 {- $OpenSSL::safe::opt_name_synopsis -}
53 {- $OpenSSL::safe::opt_r_synopsis -}
54 {- $OpenSSL::safe::opt_engine_synopsis -}
55 {- $OpenSSL::safe::opt_provider_synopsis -}
57 =for openssl ifdef engine keygen_engine sm2-id sm2-hex-id
61 This command primarily creates and processes certificate requests
62 in PKCS#10 format. It can additionally create self signed certificates
63 for use as root CAs for example.
71 Print out a usage message.
73 =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
75 The input and formats; the default is B<PEM>.
76 See L<openssl(1)/Format Options> for details.
78 The data is a PKCS#10 object.
80 =item B<-in> I<filename>
82 This specifies the input filename to read a request from or standard input
83 if this option is not specified. A request is only read if the creation
84 options (B<-new> and B<-newkey>) are not specified.
86 =item B<-sigopt> I<nm>:I<v>
88 Pass options to the signature algorithm during sign or verify operations.
89 Names and values of these options are algorithm-specific.
91 =item B<-passin> I<arg>, B<-passout> I<arg>
93 The password source for the input and output file.
94 For more information about the format of B<arg>
95 see L<openssl(1)/Pass Phrase Options>.
97 =item B<-out> I<filename>
99 This specifies the output filename to write to or standard output by
104 Prints out the certificate request in text form.
108 Prints out the request subject (or certificate subject if B<-x509> is
113 Outputs the public key.
117 This option prevents output of the encoded version of the request.
121 This option prints out the value of the modulus of the public key
122 contained in the request.
126 Verifies the signature on the request.
130 This option generates a new certificate request. It will prompt
131 the user for the relevant field values. The actual fields
132 prompted for and their maximum and minimum sizes are specified
133 in the configuration file and any requested extensions.
135 If the B<-key> option is not used it will generate a new RSA private
136 key using information specified in the configuration file.
138 =item B<-newkey> I<arg>
140 This option creates a new certificate request and a new private
141 key. The argument takes one of several forms.
143 B<rsa:>I<nbits>, where
144 I<nbits> is the number of bits, generates an RSA key I<nbits>
145 in size. If I<nbits> is omitted, i.e. B<-newkey> I<rsa> specified,
146 the default key size, specified in the configuration file is used.
148 All other algorithms support the B<-newkey> I<alg>:I<file> form, where file
149 may be an algorithm parameter file, created with C<openssl genpkey -genparam>
150 or an X.509 certificate for a key with appropriate algorithm.
152 B<param:>I<file> generates a key using the parameter file or certificate
153 I<file>, the algorithm is determined by the parameters. I<algname>:I<file>
154 use algorithm I<algname> and parameter file I<file>: the two algorithms must
155 match or an error occurs. I<algname> just uses algorithm I<algname>, and
156 parameters, if necessary should be specified via B<-pkeyopt> parameter.
158 B<dsa:>I<filename> generates a DSA key using the parameters
159 in the file I<filename>. B<ec:>I<filename> generates EC key (usable both with
160 ECDSA or ECDH algorithms), B<gost2001:>I<filename> generates GOST R
161 34.10-2001 key (requires B<gost> engine configured in the configuration
162 file). If just B<gost2001> is specified a parameter set should be
163 specified by B<-pkeyopt> I<paramset:X>
165 =item B<-pkeyopt> I<opt>:I<value>
167 Set the public key algorithm option I<opt> to I<value>. The precise set of
168 options supported depends on the public key algorithm used and its
170 See L<openssl-genpkey(1)/KEY GENERATION OPTIONS> for more details.
172 =item B<-key> I<filename>
174 This specifies the file to read the private key from. It also
175 accepts PKCS#8 format private keys for PEM format files.
177 =item B<-keyform> B<DER>|B<PEM>
179 The format of the private key; the default is B<PEM>.
180 See L<openssl(1)/Format Options> for details.
182 =item B<-keyout> I<filename>
184 This gives the filename to write the newly created private key to.
185 If this option is not specified then the filename present in the
186 configuration file is used.
190 If this option is specified then if a private key is created it
191 will not be encrypted.
195 This specifies the message digest to sign the request.
196 Any digest supported by the OpenSSL B<dgst> command can be used.
197 This overrides the digest algorithm specified in
198 the configuration file.
200 Some public key algorithms may override this choice. For instance, DSA
201 signatures always use SHA1, GOST R 34.10 signatures always use
202 GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest.
204 =item B<-config> I<filename>
206 This allows an alternative configuration file to be specified.
207 Optional; for a description of the default value,
208 see L<openssl(1)/COMMAND SUMMARY>.
210 =item B<-section> I<name>
212 Specifies the name of the section to use; the default is B<req>.
214 =item B<-subj> I<arg>
216 Sets subject name for new request or supersedes the subject name
217 when processing a request.
218 The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
219 Keyword characters may be escaped by \ (backslash), and whitespace is retained.
220 Empty values are permitted, but the corresponding type will not be included
223 =item B<-multivalue-rdn>
225 This option causes the -subj argument to be interpreted with full
226 support for multivalued RDNs. Example:
228 C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
230 If -multi-rdn is not used then the UID value is C<123456+CN=John Doe>.
234 This option outputs a self signed certificate instead of a certificate
235 request. This is typically used to generate a test certificate or
236 a self signed root CA. The extensions added to the certificate
237 (if any) are specified in the configuration file. Unless specified
238 using the B<-set_serial> option, a large random number will be used for
241 If existing request is specified with the B<-in> option, it is converted
242 to the self signed certificate otherwise new request is created.
246 When the B<-x509> option is being used this specifies the number of
247 days to certify the certificate for, otherwise it is ignored. I<n> should
248 be a positive integer. The default is 30 days.
250 =item B<-set_serial> I<n>
252 Serial number to use when outputting a self signed certificate. This
253 may be specified as a decimal value or a hex value if preceded by C<0x>.
255 =item B<-addext> I<ext>
257 Add a specific extension to the certificate (if the B<-x509> option is
258 present) or certificate request. The argument must have the form of
259 a key=value pair as it would appear in a config file.
261 This option can be given multiple times.
263 =item B<-extensions> I<section>
265 =item B<-reqexts> I<section>
267 These options specify alternative sections to include certificate
268 extensions (if the B<-x509> option is present) or certificate
269 request extensions. This allows several different sections to
270 be used in the same configuration file to specify requests for
271 a variety of purposes.
275 A poison extension will be added to the certificate, making it a
276 "pre-certificate" (see RFC6962). This can be submitted to Certificate
277 Transparency logs in order to obtain signed certificate timestamps (SCTs).
278 These SCTs can then be embedded into the pre-certificate as an extension, before
279 removing the poison and signing the certificate.
281 This implies the B<-new> flag.
285 This option causes field values to be interpreted as UTF8 strings, by
286 default they are interpreted as ASCII. This means that the field
287 values, whether prompted from a terminal or obtained from a
288 configuration file, must be valid UTF8 strings.
290 =item B<-reqopt> I<option>
292 Customise the output format used with B<-text>. The I<option> argument can be
293 a single option or multiple options separated by commas.
295 See discussion of the B<-certopt> parameter in the L<openssl-x509(1)>
300 Adds the word B<NEW> to the PEM file header and footer lines on the outputted
301 request. Some software (Netscape certificate server) and some CAs need this.
305 Non-interactive mode.
309 Print extra details about the operations being performed.
311 =item B<-keygen_engine> I<id>
313 Specifies an engine (by its unique I<id> string) which would be used
314 for key generation operations.
318 Specify the ID string to use when verifying an SM2 certificate request. The ID
319 string is required by the SM2 signature algorithm for signing and verification.
323 Specify a binary ID string to use when verifying an SM2 certificate request. The
324 argument for this option is string of hexadecimal digits.
326 {- $OpenSSL::safe::opt_name_item -}
328 {- $OpenSSL::safe::opt_r_item -}
330 {- $OpenSSL::safe::opt_engine_item -}
332 {- $OpenSSL::safe::opt_provider_item -}
336 =head1 CONFIGURATION FILE FORMAT
338 The configuration options are specified in the B<req> section of
339 the configuration file. An alternate name be specified by using the
341 As with all configuration files, if no
342 value is specified in the specific section then
343 the initial unnamed or B<default> section is searched too.
345 The options available are described in detail below.
349 =item B<input_password output_password>
351 The passwords for the input private key file (if present) and
352 the output private key file (if one will be created). The
353 command line options B<passin> and B<passout> override the
354 configuration file values.
356 =item B<default_bits>
358 Specifies the default key size in bits.
360 This option is used in conjunction with the B<-new> option to generate
361 a new key. It can be overridden by specifying an explicit key size in
362 the B<-newkey> option. The smallest accepted key size is 512 bits. If
363 no key size is specified then 2048 bits is used.
365 =item B<default_keyfile>
367 This is the default filename to write a private key to. If not
368 specified the key is written to standard output. This can be
369 overridden by the B<-keyout> option.
373 This specifies a file containing additional B<OBJECT IDENTIFIERS>.
374 Each line of the file should consist of the numerical form of the
375 object identifier followed by white space then the short name followed
376 by white space and finally the long name.
380 This specifies a section in the configuration file containing extra
381 object identifiers. Each line should consist of the short name of the
382 object identifier followed by B<=> and the numerical form. The short
383 and long names are the same when this option is used.
387 At startup the specified file is loaded into the random number generator,
388 and at exit 256 bytes will be written to it.
389 It is used for private key generation.
393 If this is set to B<no> then if a private key is generated it is
394 B<not> encrypted. This is equivalent to the B<-nodes> command line
395 option. For compatibility B<encrypt_rsa_key> is an equivalent option.
399 This option specifies the digest algorithm to use. Any digest supported by the
400 OpenSSL B<dgst> command can be used. This option can be overridden on the
401 command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore
402 any digest that has been set.
406 This option masks out the use of certain string types in certain
407 fields. Most users will not need to change this option.
409 It can be set to several values B<default> which is also the default
410 option uses PrintableStrings, T61Strings and BMPStrings if the
411 B<pkix> value is used then only PrintableStrings and BMPStrings will
412 be used. This follows the PKIX recommendation in RFC2459. If the
413 B<utf8only> option is used then only UTF8Strings will be used: this
414 is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
415 option just uses PrintableStrings and T61Strings: certain software has
416 problems with BMPStrings and UTF8Strings: in particular Netscape.
418 =item B<req_extensions>
420 This specifies the configuration file section containing a list of
421 extensions to add to the certificate request. It can be overridden
422 by the B<-reqexts> command line switch. See the
423 L<x509v3_config(5)> manual page for details of the
424 extension section format.
426 =item B<x509_extensions>
428 This specifies the configuration file section containing a list of
429 extensions to add to certificate generated when the B<-x509> switch
430 is used. It can be overridden by the B<-extensions> command line switch.
434 If set to the value B<no> this disables prompting of certificate fields
435 and just takes values from the config file directly. It also changes the
436 expected format of the B<distinguished_name> and B<attributes> sections.
440 If set to the value B<yes> then field values to be interpreted as UTF8
441 strings, by default they are interpreted as ASCII. This means that
442 the field values, whether prompted from a terminal or obtained from a
443 configuration file, must be valid UTF8 strings.
447 This specifies the section containing any request attributes: its format
448 is the same as B<distinguished_name>. Typically these may contain the
449 challengePassword or unstructuredName types. They are currently ignored
450 by OpenSSL's request signing utilities but some CAs might want them.
452 =item B<distinguished_name>
454 This specifies the section containing the distinguished name fields to
455 prompt for when generating a certificate or certificate request. The format
456 is described in the next section.
460 =head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
462 There are two separate formats for the distinguished name and attribute
463 sections. If the B<prompt> option is set to B<no> then these sections
464 just consist of field names and values: for example,
468 emailAddress=someone@somewhere.org
470 This allows external programs (e.g. GUI based) to generate a template file with
471 all the field names and values and just pass it to this command. An example
472 of this kind of configuration file is contained in the B<EXAMPLES> section.
474 Alternatively if the B<prompt> option is absent or not set to B<no> then the
475 file contains field prompting information. It consists of lines of the form:
478 fieldName_default="default field value"
482 "fieldName" is the field name being used, for example commonName (or CN).
483 The "prompt" string is used to ask the user to enter the relevant
484 details. If the user enters nothing then the default value is used if no
485 default value is present then the field is omitted. A field can
486 still be omitted if a default value is present if the user just
487 enters the '.' character.
489 The number of characters entered must be between the fieldName_min and
490 fieldName_max limits: there may be additional restrictions based
491 on the field being used (for example countryName can only ever be
492 two characters long and must fit in a PrintableString).
494 Some fields (such as organizationName) can be used more than once
495 in a DN. This presents a problem because configuration files will
496 not recognize the same name occurring twice. To avoid this problem
497 if the fieldName contains some characters followed by a full stop
498 they will be ignored. So for example a second organizationName can
499 be input by calling it "1.organizationName".
501 The actual permitted field names are any object identifier short or
502 long names. These are compiled into OpenSSL and include the usual
503 values such as commonName, countryName, localityName, organizationName,
504 organizationalUnitName, stateOrProvinceName. Additionally emailAddress
505 is included as well as name, surname, givenName, initials, and dnQualifier.
507 Additional object identifiers can be defined with the B<oid_file> or
508 B<oid_section> options in the configuration file. Any additional fields
509 will be treated as though they were a DirectoryString.
514 Examine and verify certificate request:
516 openssl req -in req.pem -text -verify -noout
518 Create a private key and then generate a certificate request from it:
520 openssl genrsa -out key.pem 2048
521 openssl req -new -key key.pem -out req.pem
523 The same but just using req:
525 openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
527 Generate a self signed root certificate:
529 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
531 Create an SM2 private key and then generate a certificate request from it:
533 openssl ecparam -genkey -name SM2 -out sm2.key
534 openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "sm2_id:1234567812345678"
536 Examine and verify an SM2 certificate request:
538 openssl req -verify -in sm2.csr -sm3 -sm2-id 1234567812345678
540 Example of a file pointed to by the B<oid_file> option:
542 1.2.3.4 shortName A longer Name
543 1.2.3.6 otherName Other longer Name
545 Example of a section pointed to by B<oid_section> making use of variable
549 testoid2=${testoid1}.6
551 Sample configuration file prompting for field values:
555 default_keyfile = privkey.pem
556 distinguished_name = req_distinguished_name
557 attributes = req_attributes
558 req_extensions = v3_ca
560 dirstring_type = nobmp
562 [ req_distinguished_name ]
563 countryName = Country Name (2 letter code)
564 countryName_default = AU
568 localityName = Locality Name (eg, city)
570 organizationalUnitName = Organizational Unit Name (eg, section)
572 commonName = Common Name (eg, YOUR name)
575 emailAddress = Email Address
576 emailAddress_max = 40
579 challengePassword = A challenge password
580 challengePassword_min = 4
581 challengePassword_max = 20
585 subjectKeyIdentifier=hash
586 authorityKeyIdentifier=keyid:always,issuer:always
587 basicConstraints = critical, CA:true
589 Sample configuration containing all field values:
594 default_keyfile = keyfile.pem
595 distinguished_name = req_distinguished_name
596 attributes = req_attributes
598 output_password = mypass
600 [ req_distinguished_name ]
602 ST = Test State or Province
604 O = Organization Name
605 OU = Organizational Unit Name
607 emailAddress = test@email.address
610 challengePassword = A challenge password
612 Example of giving the most common attributes (subject and extensions)
615 openssl req -new -subj "/C=GB/CN=foo" \
616 -addext "subjectAltName = DNS:foo.co.uk" \
617 -addext "certificatePolicies = 1.2.3.4" \
618 -newkey rsa:2048 -keyout key.pem -out req.pem
623 The certificate requests generated by B<Xenroll> with MSIE have extensions
624 added. It includes the B<keyUsage> extension which determines the type of
625 key (signature only or general purpose) and any additional OIDs entered
626 by the script in an B<extendedKeyUsage> extension.
630 The following messages are frequently asked about:
632 Using configuration from /some/path/openssl.cnf
633 Unable to load config info
635 This is followed some time later by:
637 unable to find 'distinguished_name' in config
638 problems making Certificate Request
640 The first error message is the clue: it can't find the configuration
641 file! Certain operations (like examining a certificate request) don't
642 need a configuration file so its use isn't enforced. Generation of
643 certificates or requests however does need a configuration file. This
644 could be regarded as a bug.
646 Another puzzling message is this:
651 this is displayed when no attributes are present and the request includes
652 the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
653 0x00). If you just see:
657 then the B<SET OF> is missing and the encoding is technically invalid (but
658 it is tolerated). See the description of the command line option B<-asn1-kludge>
659 for more information.
663 OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
664 treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
665 This can cause problems if you need characters that aren't available in
666 PrintableStrings and you don't want to or can't use BMPStrings.
668 As a consequence of the T61String handling the only correct way to represent
669 accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
670 currently chokes on these. If you have to use accented characters with Netscape
671 and MSIE then you currently need to use the invalid T61String form.
673 The current prompting is not very friendly. It doesn't allow you to confirm what
674 you've just entered. Other things like extensions in certificate requests are
675 statically defined in the configuration file. Some of these: like an email
676 address in subjectAltName should be input by the user.
683 L<openssl-genrsa(1)>,
684 L<openssl-gendsa(1)>,
690 The B<-section> option was added in OpenSSL 3.0.0.
694 Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
696 Licensed under the Apache License 2.0 (the "License"). You may not use
697 this file except in compliance with the License. You can obtain a copy
698 in the file LICENSE in the source distribution or at
699 L<https://www.openssl.org/source/license.html>.