Generating a private key

Edit online

A private key file is a text file that can be opened with any text editor. The file must have a *.pem extension. It will look something like this (only much longer):

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,F6F1F37584D8189C97F23F9DCD431B42
qwabUGR9ag09wq1nDtsB3hSuXtJdOBhEn3Wok6qrIWqE8VL8Ss5N7U4MNIWA4G9A ...
-----END RSA PRIVATE KEY-----

The genrsa command is used to generate an RSA private key file.

The most basic form of the genrsa command specifies the name of the output file containing the key and specifies AES256 encryption (required).

Windows
Openssl> genrsa -out key-filename.pem -aes256
Linux
$ openssl genrsa -out key-filename.pem -aes256

The –pass option adds password protection to the certificate. If specified, tape library users will be required to enter this password to log in to the GUI.

Windows
Openssl> genrsa -out key-filename.pem -aes256 -passout pass:Passw0rd1
Linux
$ openssl genrsa -out key-filename.pem -aes256 -passout pass:Passw0rd1

If you do not specify a size for the private key, the genrsa command uses the default value of 512 bits. To specify a different key size, enter the value as shown in the following example (2048). The key size must be the last option in the command.

Windows
Openssl> genrsa -out key-filename.pem -aes256 -passout pass:Passw0rd1 2048
Linux
$ openssl genrsa -out key-filename.pem -aes256 -passout pass:Passw0rd1 2048