2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-req - PKCS#10 certificate request and certificate generating command
12 [B<-inform> B<DER>|B<PEM>]
13 [B<-outform> B<DER>|B<PEM>]
25 [B<-pkeyopt> I<opt>:I<value>]
29 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
30 [B<-keyout> I<filename>]
31 [B<-keygen_engine> I<id>]
33 [B<-config> I<filename>]
41 [B<-extensions> I<section>]
42 [B<-reqexts> I<section>]
48 [B<-sigopt> I<nm>:I<v>]
49 [B<-vfyopt> I<nm>:I<v>]
52 {- $OpenSSL::safe::opt_name_synopsis -}
53 {- $OpenSSL::safe::opt_r_synopsis -}
54 {- $OpenSSL::safe::opt_engine_synopsis -}
55 {- $OpenSSL::safe::opt_provider_synopsis -}
57 =for openssl ifdef engine keygen_engine
61 This command primarily creates and processes certificate requests
62 in PKCS#10 format. It can additionally create self signed certificates
63 for use as root CAs for example.
71 Print out a usage message.
73 =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
75 The input and formats; the default is B<PEM>.
76 See L<openssl(1)/Format Options> for details.
78 The data is a PKCS#10 object.
80 =item B<-in> I<filename>
82 This specifies the input filename to read a request from or standard input
83 if this option is not specified. A request is only read if the creation
84 options (B<-new> and B<-newkey>) are not specified.
86 =item B<-sigopt> I<nm>:I<v>
88 Pass options to the signature algorithm during sign operations.
89 Names and values of these options are algorithm-specific.
91 =item B<-vfyopt> I<nm>:I<v>
93 Pass options to the signature algorithm during verify operations.
94 Names and values of these options are algorithm-specific.
98 Maybe it would be preferable to only have -opts instead of -sigopt and
99 -vfyopt? They are both present here to be compatible with L<openssl-ca(1)>,
100 which supports both options for good reasons.
104 =item B<-passin> I<arg>, B<-passout> I<arg>
106 The password source for the input and output file.
107 For more information about the format of B<arg>
108 see L<openssl(1)/Pass Phrase Options>.
110 =item B<-out> I<filename>
112 This specifies the output filename to write to or standard output by
117 Prints out the certificate request in text form.
121 Prints out the request subject (or certificate subject if B<-x509> is
126 Outputs the public key.
130 This option prevents output of the encoded version of the request.
134 This option prints out the value of the modulus of the public key
135 contained in the request.
139 Verifies the signature on the request.
143 This option generates a new certificate request. It will prompt
144 the user for the relevant field values. The actual fields
145 prompted for and their maximum and minimum sizes are specified
146 in the configuration file and any requested extensions.
148 If the B<-key> option is not used it will generate a new RSA private
149 key using information specified in the configuration file.
151 =item B<-newkey> I<arg>
153 This option creates a new certificate request and a new private
154 key. The argument takes one of several forms.
156 B<rsa:>I<nbits>, where
157 I<nbits> is the number of bits, generates an RSA key I<nbits>
158 in size. If I<nbits> is omitted, i.e. B<-newkey> I<rsa> specified,
159 the default key size, specified in the configuration file is used.
161 All other algorithms support the B<-newkey> I<alg>:I<file> form, where file
162 may be an algorithm parameter file, created with C<openssl genpkey -genparam>
163 or an X.509 certificate for a key with appropriate algorithm.
165 B<param:>I<file> generates a key using the parameter file or certificate
166 I<file>, the algorithm is determined by the parameters. I<algname>:I<file>
167 use algorithm I<algname> and parameter file I<file>: the two algorithms must
168 match or an error occurs. I<algname> just uses algorithm I<algname>, and
169 parameters, if necessary should be specified via B<-pkeyopt> parameter.
171 B<dsa:>I<filename> generates a DSA key using the parameters
172 in the file I<filename>. B<ec:>I<filename> generates EC key (usable both with
173 ECDSA or ECDH algorithms), B<gost2001:>I<filename> generates GOST R
174 34.10-2001 key (requires B<gost> engine configured in the configuration
175 file). If just B<gost2001> is specified a parameter set should be
176 specified by B<-pkeyopt> I<paramset:X>
178 =item B<-pkeyopt> I<opt>:I<value>
180 Set the public key algorithm option I<opt> to I<value>. The precise set of
181 options supported depends on the public key algorithm used and its
183 See L<openssl-genpkey(1)/KEY GENERATION OPTIONS> for more details.
185 =item B<-key> I<filename>
187 This specifies the file to read the private key from. It also
188 accepts PKCS#8 format private keys for PEM format files.
190 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
192 The format of the private key; the default is B<PEM>.
193 The only value with effect is B<ENGINE>; all others have become obsolete.
194 See L<openssl(1)/Format Options> for details.
196 =item B<-keyout> I<filename>
198 This gives the filename to write the newly created private key to.
199 If this option is not specified then the filename present in the
200 configuration file is used.
204 If this option is specified then if a private key is created it
205 will not be encrypted.
209 This option is deprecated since OpenSSL 3.0; use B<-noenc> instead.
213 This specifies the message digest to sign the request.
214 Any digest supported by the OpenSSL B<dgst> command can be used.
215 This overrides the digest algorithm specified in
216 the configuration file.
218 Some public key algorithms may override this choice. For instance, DSA
219 signatures always use SHA1, GOST R 34.10 signatures always use
220 GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest.
222 =item B<-config> I<filename>
224 This allows an alternative configuration file to be specified.
225 Optional; for a description of the default value,
226 see L<openssl(1)/COMMAND SUMMARY>.
228 =item B<-section> I<name>
230 Specifies the name of the section to use; the default is B<req>.
232 =item B<-subj> I<arg>
234 Sets subject name for new request or supersedes the subject name
235 when processing a request.
236 The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
237 Keyword characters may be escaped by \ (backslash), and whitespace is retained.
238 Empty values are permitted, but the corresponding type will not be included
241 =item B<-multivalue-rdn>
243 This option causes the -subj argument to be interpreted with full
244 support for multivalued RDNs. Example:
246 C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
248 If -multi-rdn is not used then the UID value is C<123456+CN=John Doe>.
252 This option outputs a self signed certificate instead of a certificate
253 request. This is typically used to generate a test certificate or
254 a self signed root CA. The extensions added to the certificate
255 (if any) are specified in the configuration file. Unless specified
256 using the B<-set_serial> option, a large random number will be used for
259 If existing request is specified with the B<-in> option, it is converted
260 to the self signed certificate otherwise new request is created.
264 When the B<-x509> option is being used this specifies the number of
265 days to certify the certificate for, otherwise it is ignored. I<n> should
266 be a positive integer. The default is 30 days.
268 =item B<-set_serial> I<n>
270 Serial number to use when outputting a self signed certificate. This
271 may be specified as a decimal value or a hex value if preceded by C<0x>.
273 =item B<-addext> I<ext>
275 Add a specific extension to the certificate (if the B<-x509> option is
276 present) or certificate request. The argument must have the form of
277 a key=value pair as it would appear in a config file.
279 This option can be given multiple times.
281 =item B<-extensions> I<section>
283 =item B<-reqexts> I<section>
285 These options specify alternative sections to include certificate
286 extensions (if the B<-x509> option is present) or certificate
287 request extensions. This allows several different sections to
288 be used in the same configuration file to specify requests for
289 a variety of purposes.
293 A poison extension will be added to the certificate, making it a
294 "pre-certificate" (see RFC6962). This can be submitted to Certificate
295 Transparency logs in order to obtain signed certificate timestamps (SCTs).
296 These SCTs can then be embedded into the pre-certificate as an extension, before
297 removing the poison and signing the certificate.
299 This implies the B<-new> flag.
303 This option causes field values to be interpreted as UTF8 strings, by
304 default they are interpreted as ASCII. This means that the field
305 values, whether prompted from a terminal or obtained from a
306 configuration file, must be valid UTF8 strings.
308 =item B<-reqopt> I<option>
310 Customise the output format used with B<-text>. The I<option> argument can be
311 a single option or multiple options separated by commas.
313 See discussion of the B<-certopt> parameter in the L<openssl-x509(1)>
318 Adds the word B<NEW> to the PEM file header and footer lines on the outputted
319 request. Some software (Netscape certificate server) and some CAs need this.
323 Non-interactive mode.
327 Print extra details about the operations being performed.
329 =item B<-keygen_engine> I<id>
331 Specifies an engine (by its unique I<id> string) which would be used
332 for key generation operations.
334 {- $OpenSSL::safe::opt_name_item -}
336 {- $OpenSSL::safe::opt_r_item -}
338 {- $OpenSSL::safe::opt_engine_item -}
340 {- $OpenSSL::safe::opt_provider_item -}
344 =head1 CONFIGURATION FILE FORMAT
346 The configuration options are specified in the B<req> section of
347 the configuration file. An alternate name be specified by using the
349 As with all configuration files, if no
350 value is specified in the specific section then
351 the initial unnamed or B<default> section is searched too.
353 The options available are described in detail below.
357 =item B<input_password output_password>
359 The passwords for the input private key file (if present) and
360 the output private key file (if one will be created). The
361 command line options B<passin> and B<passout> override the
362 configuration file values.
364 =item B<default_bits>
366 Specifies the default key size in bits.
368 This option is used in conjunction with the B<-new> option to generate
369 a new key. It can be overridden by specifying an explicit key size in
370 the B<-newkey> option. The smallest accepted key size is 512 bits. If
371 no key size is specified then 2048 bits is used.
373 =item B<default_keyfile>
375 This is the default filename to write a private key to. If not
376 specified the key is written to standard output. This can be
377 overridden by the B<-keyout> option.
381 This specifies a file containing additional B<OBJECT IDENTIFIERS>.
382 Each line of the file should consist of the numerical form of the
383 object identifier followed by whitespace then the short name followed
384 by whitespace and finally the long name.
388 This specifies a section in the configuration file containing extra
389 object identifiers. Each line should consist of the short name of the
390 object identifier followed by B<=> and the numerical form. The short
391 and long names are the same when this option is used.
395 At startup the specified file is loaded into the random number generator,
396 and at exit 256 bytes will be written to it.
397 It is used for private key generation.
401 If this is set to B<no> then if a private key is generated it is
402 B<not> encrypted. This is equivalent to the B<-noenc> command line
403 option. For compatibility B<encrypt_rsa_key> is an equivalent option.
407 This option specifies the digest algorithm to use. Any digest supported by the
408 OpenSSL B<dgst> command can be used. This option can be overridden on the
409 command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore
410 any digest that has been set.
414 This option masks out the use of certain string types in certain
415 fields. Most users will not need to change this option.
417 It can be set to several values B<default> which is also the default
418 option uses PrintableStrings, T61Strings and BMPStrings if the
419 B<pkix> value is used then only PrintableStrings and BMPStrings will
420 be used. This follows the PKIX recommendation in RFC2459. If the
421 B<utf8only> option is used then only UTF8Strings will be used: this
422 is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
423 option just uses PrintableStrings and T61Strings: certain software has
424 problems with BMPStrings and UTF8Strings: in particular Netscape.
426 =item B<req_extensions>
428 This specifies the configuration file section containing a list of
429 extensions to add to the certificate request. It can be overridden
430 by the B<-reqexts> command line switch. See the
431 L<x509v3_config(5)> manual page for details of the
432 extension section format.
434 =item B<x509_extensions>
436 This specifies the configuration file section containing a list of
437 extensions to add to certificate generated when the B<-x509> switch
438 is used. It can be overridden by the B<-extensions> command line switch.
442 If set to the value B<no> this disables prompting of certificate fields
443 and just takes values from the config file directly. It also changes the
444 expected format of the B<distinguished_name> and B<attributes> sections.
448 If set to the value B<yes> then field values to be interpreted as UTF8
449 strings, by default they are interpreted as ASCII. This means that
450 the field values, whether prompted from a terminal or obtained from a
451 configuration file, must be valid UTF8 strings.
455 This specifies the section containing any request attributes: its format
456 is the same as B<distinguished_name>. Typically these may contain the
457 challengePassword or unstructuredName types. They are currently ignored
458 by OpenSSL's request signing utilities but some CAs might want them.
460 =item B<distinguished_name>
462 This specifies the section containing the distinguished name fields to
463 prompt for when generating a certificate or certificate request. The format
464 is described in the next section.
468 =head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
470 There are two separate formats for the distinguished name and attribute
471 sections. If the B<prompt> option is set to B<no> then these sections
472 just consist of field names and values: for example,
476 emailAddress=someone@somewhere.org
478 This allows external programs (e.g. GUI based) to generate a template file with
479 all the field names and values and just pass it to this command. An example
480 of this kind of configuration file is contained in the B<EXAMPLES> section.
482 Alternatively if the B<prompt> option is absent or not set to B<no> then the
483 file contains field prompting information. It consists of lines of the form:
486 fieldName_default="default field value"
490 "fieldName" is the field name being used, for example commonName (or CN).
491 The "prompt" string is used to ask the user to enter the relevant
492 details. If the user enters nothing then the default value is used if no
493 default value is present then the field is omitted. A field can
494 still be omitted if a default value is present if the user just
495 enters the '.' character.
497 The number of characters entered must be between the fieldName_min and
498 fieldName_max limits: there may be additional restrictions based
499 on the field being used (for example countryName can only ever be
500 two characters long and must fit in a PrintableString).
502 Some fields (such as organizationName) can be used more than once
503 in a DN. This presents a problem because configuration files will
504 not recognize the same name occurring twice. To avoid this problem
505 if the fieldName contains some characters followed by a full stop
506 they will be ignored. So for example a second organizationName can
507 be input by calling it "1.organizationName".
509 The actual permitted field names are any object identifier short or
510 long names. These are compiled into OpenSSL and include the usual
511 values such as commonName, countryName, localityName, organizationName,
512 organizationalUnitName, stateOrProvinceName. Additionally emailAddress
513 is included as well as name, surname, givenName, initials, and dnQualifier.
515 Additional object identifiers can be defined with the B<oid_file> or
516 B<oid_section> options in the configuration file. Any additional fields
517 will be treated as though they were a DirectoryString.
522 Examine and verify certificate request:
524 openssl req -in req.pem -text -verify -noout
526 Create a private key and then generate a certificate request from it:
528 openssl genrsa -out key.pem 2048
529 openssl req -new -key key.pem -out req.pem
531 The same but just using req:
533 openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
535 Generate a self signed root certificate:
537 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
539 Create an SM2 private key and then generate a certificate request from it:
541 openssl ecparam -genkey -name SM2 -out sm2.key
542 openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "distid:1234567812345678"
544 Examine and verify an SM2 certificate request:
546 openssl req -verify -in sm2.csr -sm3 -vfyopt "distid:1234567812345678"
548 Example of a file pointed to by the B<oid_file> option:
550 1.2.3.4 shortName A longer Name
551 1.2.3.6 otherName Other longer Name
553 Example of a section pointed to by B<oid_section> making use of variable
557 testoid2=${testoid1}.6
559 Sample configuration file prompting for field values:
563 default_keyfile = privkey.pem
564 distinguished_name = req_distinguished_name
565 attributes = req_attributes
566 req_extensions = v3_ca
568 dirstring_type = nobmp
570 [ req_distinguished_name ]
571 countryName = Country Name (2 letter code)
572 countryName_default = AU
576 localityName = Locality Name (eg, city)
578 organizationalUnitName = Organizational Unit Name (eg, section)
580 commonName = Common Name (eg, YOUR name)
583 emailAddress = Email Address
584 emailAddress_max = 40
587 challengePassword = A challenge password
588 challengePassword_min = 4
589 challengePassword_max = 20
593 subjectKeyIdentifier=hash
594 authorityKeyIdentifier=keyid:always,issuer:always
595 basicConstraints = critical, CA:true
597 Sample configuration containing all field values:
602 default_keyfile = keyfile.pem
603 distinguished_name = req_distinguished_name
604 attributes = req_attributes
606 output_password = mypass
608 [ req_distinguished_name ]
610 ST = Test State or Province
612 O = Organization Name
613 OU = Organizational Unit Name
615 emailAddress = test@email.address
618 challengePassword = A challenge password
620 Example of giving the most common attributes (subject and extensions)
623 openssl req -new -subj "/C=GB/CN=foo" \
624 -addext "subjectAltName = DNS:foo.co.uk" \
625 -addext "certificatePolicies = 1.2.3.4" \
626 -newkey rsa:2048 -keyout key.pem -out req.pem
631 The certificate requests generated by B<Xenroll> with MSIE have extensions
632 added. It includes the B<keyUsage> extension which determines the type of
633 key (signature only or general purpose) and any additional OIDs entered
634 by the script in an B<extendedKeyUsage> extension.
638 The following messages are frequently asked about:
640 Using configuration from /some/path/openssl.cnf
641 Unable to load config info
643 This is followed some time later by:
645 unable to find 'distinguished_name' in config
646 problems making Certificate Request
648 The first error message is the clue: it can't find the configuration
649 file! Certain operations (like examining a certificate request) don't
650 need a configuration file so its use isn't enforced. Generation of
651 certificates or requests however does need a configuration file. This
652 could be regarded as a bug.
654 Another puzzling message is this:
659 this is displayed when no attributes are present and the request includes
660 the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
661 0x00). If you just see:
665 then the B<SET OF> is missing and the encoding is technically invalid (but
666 it is tolerated). See the description of the command line option B<-asn1-kludge>
667 for more information.
671 OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
672 treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
673 This can cause problems if you need characters that aren't available in
674 PrintableStrings and you don't want to or can't use BMPStrings.
676 As a consequence of the T61String handling the only correct way to represent
677 accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
678 currently chokes on these. If you have to use accented characters with Netscape
679 and MSIE then you currently need to use the invalid T61String form.
681 The current prompting is not very friendly. It doesn't allow you to confirm what
682 you've just entered. Other things like extensions in certificate requests are
683 statically defined in the configuration file. Some of these: like an email
684 address in subjectAltName should be input by the user.
691 L<openssl-genrsa(1)>,
692 L<openssl-gendsa(1)>,
698 The B<-section> option was added in OpenSSL 3.0.0.
700 All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
703 The B<-engine> option was deprecated in OpenSSL 3.0.
704 The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
708 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
710 Licensed under the Apache License 2.0 (the "License"). You may not use
711 this file except in compliance with the License. You can obtain a copy
712 in the file LICENSE in the source distribution or at
713 L<https://www.openssl.org/source/license.html>.