OpenSSL Step By Step Tutorial | How to Generate Keys, Certificates & CSR Using OpenSSL

OpenSSL step-by-step tutorial explaining how to generate a key pair, how to export the public key using openssl commands, how to create a CSR using OpenSSL, and how to generate a self-signed certificate using the OpenSSL command-line tool.
To download OpenSSL visit:

To learn how to use Java Key Tool to generate self-signed certificates:

To learn how to use Portecle to generate self-signed certificates:

To learn the difference between one-way and two-way SSL:
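
The four steps listed in the description above (key pair, public key export, CSR, self-signed certificate), written out as an added example that is not part of the original tutorial. The file names, the subject values and the minimal config are assumptions. It also hashes the public key carried in each output, because the key file, the exported key, the CSR and the certificate must all hold the same one.

```shell
#!/bin/sh
# Added example: key pair -> public key -> CSR -> self-signed certificate.
# File names, subject values and the minimal config are assumptions.

make_demo() {   # $1 = empty working directory
    # Minimal config passed with -config, so req does not rely on a system openssl.cnf.
    cat > "$1/openssl.cnf" <<'EOF' || return 1
[ req ]
default_md = sha256
prompt = no
distinguished_name = dn
[ dn ]
C = US
O = My Company
CN = example.test
EOF
    # 1. Generate a 2048-bit RSA private key (the key pair).
    openssl genrsa -out "$1/demo.key" 2048 2>/dev/null || return 1
    # 2. Export the public half.
    openssl rsa -in "$1/demo.key" -pubout -out "$1/demo.pub" 2>/dev/null || return 1
    # 3. Create a CSR signed with the private key.
    openssl req -new -key "$1/demo.key" -out "$1/demo.csr" \
        -config "$1/openssl.cnf" || return 1
    # 4. Create a self-signed certificate from the same key.
    openssl req -x509 -new -key "$1/demo.key" -days 365 -out "$1/demo.crt" \
        -config "$1/openssl.cnf" || return 1
}

# SHA-256 of the DER-encoded public key held in a .key, .pub, .csr or .crt file.
pub_fingerprint() {
    case $1 in
        *.key) openssl pkey -in "$1" -pubout ;;
        *.pub) cat "$1" ;;
        *.csr) openssl req -in "$1" -noout -pubkey ;;
        *.crt) openssl x509 -in "$1" -noout -pubkey ;;
        *)     echo "unsupported file type: $1" >&2 ;;
    esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Run the steps in a scratch directory and print one fingerprint per file.
work=$(mktemp -d)
make_demo "$work" && for ext in key pub csr crt; do
    printf '%s  demo.%s\n' "$(pub_fingerprint "$work/demo.$ext")" "$ext"
done
rm -rf "$work"
```

All four printed fingerprints are identical; a CSR or certificate whose fingerprint differs from the key file was made from a different key.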





  1. In this case can we generate public keys and match with public keys being used by different companies?

  2. How to create command "CLS" clear screen in this toolkit, or same equivalent?

  3. Good explanation in detail. I have one query in terms of renewal. To renew the existing CA signed certificate, is it correct to give old CSR (CSR generated to get CA signed initially)? Is there any validity for key pair and CSR generated?

  4. I am getting an error saying: warning can't open config file: C:/OpenSSL/openssl.cnf. Please do help.

  5. All those who are having error like me:

    The only thing that worked for me in this situation was the self-created openssl.cnf file.

    Here are the basics needed for this exercise (edit as needed):


    ```
    # OpenSSL configuration file.

    # Establish working directory.
    dir = .

    [ ca ]
    default_ca = CA_default

    [ CA_default ]
    serial = $dir/serial
    database = $dir/certindex.txt
    new_certs_dir = $dir/certs
    certificate = $dir/cacert.pem
    private_key = $dir/private/cakey.pem
    default_days = 365
    default_md = sha256
    preserve = no
    email_in_dn = no
    nameopt = default_ca
    certopt = default_ca
    policy = policy_match

    [ policy_match ]
    countryName = match
    stateOrProvinceName = match
    organizationName = match
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional

    [ req ]
    default_bits = 2048 # Size of keys
    default_keyfile = key.pem # name of generated keys
    default_md = sha256 # message digest algorithm
    string_mask = nombstr # permitted characters
    distinguished_name = req_distinguished_name
    req_extensions = v3_req

    [ req_distinguished_name ]
    # Variable name                Prompt string
    #----------------------------  ----------------------------------
    0.organizationName = Organization Name (company)
    organizationalUnitName = Organizational Unit Name (department, division)
    emailAddress = Email Address
    emailAddress_max = 40
    localityName = Locality Name (city, district)
    stateOrProvinceName = State or Province Name (full name)
    countryName = Country Name (2 letter code)
    countryName_min = 2
    countryName_max = 2
    commonName = Common Name (hostname, IP, or your name)
    commonName_max = 64

    # Default values for the above, for consistency and less typing.
    # Variable name                Value
    #----------------------------  ------------------------------
    0.organizationName_default = My Company
    localityName_default = My Town
    stateOrProvinceName_default = State or Province
    countryName_default = US

    [ v3_ca ]
    basicConstraints = CA:TRUE
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer:always

    [ v3_req ]
    basicConstraints = CA:FALSE
    subjectKeyIdentifier = hash
    # copy till here
    ```

    Now save this file and run the command as:

    ```
    openssl req -new -key tutorialspedia.key -out tutorialspedia.csr -config openssl.cnf
    ```

    Hope this will work for you 🙂

  6. Good job done. Very clearly explained and everything was right to the point and it held my attention. Everyone should do their training videos like this.
