View Categories

Generating RSA Private Key and Certificate Request in Terminal (for macOS)

1 min read

Prerequisites

Make sure you can access the account specified and the common name on the “Digital certificate” page.

Be ready to give precise details during the certificate signing request (CSR) generation. This involves information such as country name, state or province name, locality name, organization name, etc.

Open the Command Line Interface (Terminal):

Begin by locating and opening the Terminal application on your computer.

  • The Terminal is a tool where you can perform various tasks by typing commands.
  • Ensure that your computer is secure and that you have the necessary permissions to access the Terminal.

Generate a Private Key

In the Terminal, type the following command: openssl genrsa -out 4096.key 4096.

Press “Enter” to execute the command.

  • This command creates a secure private key named 4096.key with a bit length of 4096. Think of this key as a secret code; do not share it with anyone.

To confirm that the key has been successfully created, type ls and press “Enter” to list the files.

You should see 4096.key in the list.

Verify Private Key Contents

To view the contents of the private key, type cat 4096.key and press “Enter”.

The Terminal will display the content of the key.

  • This content is sensitive and unique to your communication. Keep it confidential and secure.

Generate a Certificate Signing Request (CSR)

Type the command openssl req -new -key 4096.key -out 4096.csr and press “Enter”.

  • The Terminal will prompt you to provide information for the certificate. This information will be embedded in the certificate, so answer accurately.
  • The resulting file, 4096.csr, is like a formal request for a certificate. It will be shared publicly, but your private key remains private.

Enter CSR Information

You’ll be prompted to provide specific information for your certificate. Follow the prompts and provide the required details:

  • Country Name: Enter the two-letter code for your country (e.g., US for the United States).
  • State or Province Name: Enter the full name of your state or province.
  • Locality Name: Enter the name of your city.
  • Organization Name: Enter the name of your organization or company.
  • Organizational Unit Name: Optionally, enter the name of your organizational unit (e.g., IT department).
  • Common Name: Enter a common name that identifies your entity (You can find your common name in your Online account -> Manage -> Digital certificate -> Add button).
  • Email Address: Enter your email address.
  • A challenge password: Set a challenge password for an additional layer of security.

Inspect CSR Contents

Type ls to list files.

Then cat 4096.csr to inspect the contents of the CSR. This file is public, but it doesn’t compromise your private key.

Copy CSR Contents

Highlight the entire content of the CSR by pressing command+A and copy it with command+C.

Paste this content into a text file using command+V. This file acts as a record of your CSR.

Save CSR Information

Save the text file securely. It contains the information needed for your certificate but doesn’t reveal your private key.

What are your Feelings