6 req - PKCS#10 certificate request and certificate generating utility
32 [B<-keygen_engine id>]
41 [B<-extensions section>]
55 The B<req> command primarily creates and processes certificate requests
56 in PKCS#10 format. It can additionally create self signed certificates
57 for use as root CAs for example.
65 Print out a usage message.
67 =item B<-inform DER|PEM>
69 This specifies the input format. The B<DER> option uses an ASN1 DER encoded
70 form compatible with the PKCS#10. The B<PEM> form is the default format: it
71 consists of the B<DER> format base64 encoded with additional header and
74 =item B<-outform DER|PEM>
76 This specifies the output format, the options have the same meaning and default
77 as the B<-inform> option.
81 This specifies the input filename to read a request from or standard input
82 if this option is not specified. A request is only read if the creation
83 options (B<-new> and B<-newkey>) are not specified.
87 The input file password source. For more information about the format of B<arg>
88 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
90 =item B<-out filename>
92 This specifies the output filename to write to or standard output by
97 The output file password source. For more information about the format of B<arg>
98 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
102 Prints out the certificate request in text form.
106 Prints out the request subject (or certificate subject if B<-x509> is
111 Outputs the public key.
115 This option prevents output of the encoded version of the request.
119 This option prints out the value of the modulus of the public key
120 contained in the request.
124 Verifies the signature on the request.
128 This option generates a new certificate request. It will prompt
129 the user for the relevant field values. The actual fields
130 prompted for and their maximum and minimum sizes are specified
131 in the configuration file and any requested extensions.
133 If the B<-key> option is not used it will generate a new RSA private
134 key using information specified in the configuration file.
136 =item B<-rand file...>
138 A file or files containing random data used to seed the random number
140 Multiple files can be specified separated by an OS-dependent character.
141 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
144 =item [B<-writerand file>]
146 Writes random data to the specified I<file> upon exit.
147 This can be used with a subsequent B<-rand> flag.
151 This option creates a new certificate request and a new private
152 key. The argument takes one of several forms. B<rsa:nbits>, where
153 B<nbits> is the number of bits, generates an RSA key B<nbits>
154 in size. If B<nbits> is omitted, i.e. B<-newkey rsa> specified,
155 the default key size, specified in the configuration file is used.
157 All other algorithms support the B<-newkey alg:file> form, where file may be
158 an algorithm parameter file, created by the B<genpkey -genparam> command
159 or and X.509 certificate for a key with appropriate algorithm.
161 B<param:file> generates a key using the parameter file or certificate B<file>,
162 the algorithm is determined by the parameters. B<algname:file> use algorithm
163 B<algname> and parameter file B<file>: the two algorithms must match or an
164 error occurs. B<algname> just uses algorithm B<algname>, and parameters,
165 if necessary should be specified via B<-pkeyopt> parameter.
167 B<dsa:filename> generates a DSA key using the parameters
168 in the file B<filename>. B<ec:filename> generates EC key (usable both with
169 ECDSA or ECDH algorithms), B<gost2001:filename> generates GOST R
170 34.10-2001 key (requires B<ccgost> engine configured in the configuration
171 file). If just B<gost2001> is specified a parameter set should be
172 specified by B<-pkeyopt paramset:X>
175 =item B<-pkeyopt opt:value>
177 Set the public key algorithm option B<opt> to B<value>. The precise set of
178 options supported depends on the public key algorithm used and its
179 implementation. See B<KEY GENERATION OPTIONS> in the B<genpkey> manual page
182 =item B<-key filename>
184 This specifies the file to read the private key from. It also
185 accepts PKCS#8 format private keys for PEM format files.
187 =item B<-keyform PEM|DER>
189 The format of the private key file specified in the B<-key>
190 argument. PEM is the default.
192 =item B<-keyout filename>
194 This gives the filename to write the newly created private key to.
195 If this option is not specified then the filename present in the
196 configuration file is used.
200 If this option is specified then if a private key is created it
201 will not be encrypted.
205 This specifies the message digest to sign the request.
206 Any digest supported by the OpenSSL B<dgst> command can be used.
207 This overrides the digest algorithm specified in
208 the configuration file.
210 Some public key algorithms may override this choice. For instance, DSA
211 signatures always use SHA1, GOST R 34.10 signatures always use
212 GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest.
214 =item B<-config filename>
216 This allows an alternative configuration file to be specified.
217 Optional; for a description of the default value,
218 see L<openssl(1)/COMMAND SUMMARY>.
222 Sets subject name for new request or supersedes the subject name
223 when processing a request.
224 The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
225 Keyword characters may be escaped by \ (backslash), and whitespace is retained.
226 Empty values are permitted, but the corresponding type will not be included
229 =item B<-multivalue-rdn>
231 This option causes the -subj argument to be interpreted with full
232 support for multivalued RDNs. Example:
234 I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
236 If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
240 This option outputs a self signed certificate instead of a certificate
241 request. This is typically used to generate a test certificate or
242 a self signed root CA. The extensions added to the certificate
243 (if any) are specified in the configuration file. Unless specified
244 using the B<set_serial> option, a large random number will be used for
247 If existing request is specified with the B<-in> option, it is converted
248 to the self signed certificate otherwise new request is created.
252 When the B<-x509> option is being used this specifies the number of
253 days to certify the certificate for, otherwise it is ignored. B<n> should
254 be a positive integer. The default is 30 days.
256 =item B<-set_serial n>
258 Serial number to use when outputting a self signed certificate. This
259 may be specified as a decimal value or a hex value if preceded by B<0x>.
263 Add a specific extension to the certificate (if the B<-x509> option is
264 present) or certificate request. The argument must have the form of
265 a key=value pair as it would appear in a config file.
267 This option can be given multiple times.
269 =item B<-extensions section>
271 =item B<-reqexts section>
273 These options specify alternative sections to include certificate
274 extensions (if the B<-x509> option is present) or certificate
275 request extensions. This allows several different sections to
276 be used in the same configuration file to specify requests for
277 a variety of purposes.
281 A poison extension will be added to the certificate, making it a
282 "pre-certificate" (see RFC6962). This can be submitted to Certificate
283 Transparency logs in order to obtain signed certificate timestamps (SCTs).
284 These SCTs can then be embedded into the pre-certificate as an extension, before
285 removing the poison and signing the certificate.
287 This implies the B<-new> flag.
291 This option causes field values to be interpreted as UTF8 strings, by
292 default they are interpreted as ASCII. This means that the field
293 values, whether prompted from a terminal or obtained from a
294 configuration file, must be valid UTF8 strings.
296 =item B<-nameopt option>
298 Option which determines how the subject or issuer names are displayed. The
299 B<option> argument can be a single option or multiple options separated by
300 commas. Alternatively the B<-nameopt> switch may be used more than once to
301 set multiple options. See the L<x509(1)> manual page for details.
305 Customise the output format used with B<-text>. The B<option> argument can be
306 a single option or multiple options separated by commas.
308 See discussion of the B<-certopt> parameter in the L<x509(1)>
313 Adds the word B<NEW> to the PEM file header and footer lines on the outputted
314 request. Some software (Netscape certificate server) and some CAs need this.
318 Non-interactive mode.
322 Print extra details about the operations being performed.
326 Specifying an engine (by its unique B<id> string) will cause B<req>
327 to attempt to obtain a functional reference to the specified engine,
328 thus initialising it if needed. The engine will then be set as the default
329 for all available algorithms.
331 =item B<-keygen_engine id>
333 Specifies an engine (by its unique B<id> string) which would be used
334 for key generation operations.
338 =head1 CONFIGURATION FILE FORMAT
340 The configuration options are specified in the B<req> section of
341 the configuration file. As with all configuration files if no
342 value is specified in the specific section (i.e. B<req>) then
343 the initial unnamed or B<default> section is searched too.
345 The options available are described in detail below.
349 =item B<input_password output_password>
351 The passwords for the input private key file (if present) and
352 the output private key file (if one will be created). The
353 command line options B<passin> and B<passout> override the
354 configuration file values.
356 =item B<default_bits>
358 Specifies the default key size in bits.
360 This option is used in conjunction with the B<-new> option to generate
361 a new key. It can be overridden by specifying an explicit key size in
362 the B<-newkey> option. The smallest accepted key size is 512 bits. If
363 no key size is specified then 2048 bits is used.
365 =item B<default_keyfile>
367 This is the default filename to write a private key to. If not
368 specified the key is written to standard output. This can be
369 overridden by the B<-keyout> option.
373 This specifies a file containing additional B<OBJECT IDENTIFIERS>.
374 Each line of the file should consist of the numerical form of the
375 object identifier followed by white space then the short name followed
376 by white space and finally the long name.
380 This specifies a section in the configuration file containing extra
381 object identifiers. Each line should consist of the short name of the
382 object identifier followed by B<=> and the numerical form. The short
383 and long names are the same when this option is used.
387 At startup the specified file is loaded into the random number generator,
388 and at exit 256 bytes will be written to it.
389 It is used for private key generation.
393 If this is set to B<no> then if a private key is generated it is
394 B<not> encrypted. This is equivalent to the B<-nodes> command line
395 option. For compatibility B<encrypt_rsa_key> is an equivalent option.
399 This option specifies the digest algorithm to use. Any digest supported by the
400 OpenSSL B<dgst> command can be used. This option can be overridden on the
401 command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore
402 any digest that has been set.
406 This option masks out the use of certain string types in certain
407 fields. Most users will not need to change this option.
409 It can be set to several values B<default> which is also the default
410 option uses PrintableStrings, T61Strings and BMPStrings if the
411 B<pkix> value is used then only PrintableStrings and BMPStrings will
412 be used. This follows the PKIX recommendation in RFC2459. If the
413 B<utf8only> option is used then only UTF8Strings will be used: this
414 is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
415 option just uses PrintableStrings and T61Strings: certain software has
416 problems with BMPStrings and UTF8Strings: in particular Netscape.
418 =item B<req_extensions>
420 This specifies the configuration file section containing a list of
421 extensions to add to the certificate request. It can be overridden
422 by the B<-reqexts> command line switch. See the
423 L<x509v3_config(5)> manual page for details of the
424 extension section format.
426 =item B<x509_extensions>
428 This specifies the configuration file section containing a list of
429 extensions to add to certificate generated when the B<-x509> switch
430 is used. It can be overridden by the B<-extensions> command line switch.
434 If set to the value B<no> this disables prompting of certificate fields
435 and just takes values from the config file directly. It also changes the
436 expected format of the B<distinguished_name> and B<attributes> sections.
440 If set to the value B<yes> then field values to be interpreted as UTF8
441 strings, by default they are interpreted as ASCII. This means that
442 the field values, whether prompted from a terminal or obtained from a
443 configuration file, must be valid UTF8 strings.
447 This specifies the section containing any request attributes: its format
448 is the same as B<distinguished_name>. Typically these may contain the
449 challengePassword or unstructuredName types. They are currently ignored
450 by OpenSSL's request signing utilities but some CAs might want them.
452 =item B<distinguished_name>
454 This specifies the section containing the distinguished name fields to
455 prompt for when generating a certificate or certificate request. The format
456 is described in the next section.
460 =head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
462 There are two separate formats for the distinguished name and attribute
463 sections. If the B<prompt> option is set to B<no> then these sections
464 just consist of field names and values: for example,
468 emailAddress=someone@somewhere.org
470 This allows external programs (e.g. GUI based) to generate a template file
471 with all the field names and values and just pass it to B<req>. An example
472 of this kind of configuration file is contained in the B<EXAMPLES> section.
474 Alternatively if the B<prompt> option is absent or not set to B<no> then the
475 file contains field prompting information. It consists of lines of the form:
478 fieldName_default="default field value"
482 "fieldName" is the field name being used, for example commonName (or CN).
483 The "prompt" string is used to ask the user to enter the relevant
484 details. If the user enters nothing then the default value is used if no
485 default value is present then the field is omitted. A field can
486 still be omitted if a default value is present if the user just
487 enters the '.' character.
489 The number of characters entered must be between the fieldName_min and
490 fieldName_max limits: there may be additional restrictions based
491 on the field being used (for example countryName can only ever be
492 two characters long and must fit in a PrintableString).
494 Some fields (such as organizationName) can be used more than once
495 in a DN. This presents a problem because configuration files will
496 not recognize the same name occurring twice. To avoid this problem
497 if the fieldName contains some characters followed by a full stop
498 they will be ignored. So for example a second organizationName can
499 be input by calling it "1.organizationName".
501 The actual permitted field names are any object identifier short or
502 long names. These are compiled into OpenSSL and include the usual
503 values such as commonName, countryName, localityName, organizationName,
504 organizationalUnitName, stateOrProvinceName. Additionally emailAddress
505 is included as well as name, surname, givenName, initials, and dnQualifier.
507 Additional object identifiers can be defined with the B<oid_file> or
508 B<oid_section> options in the configuration file. Any additional fields
509 will be treated as though they were a DirectoryString.
514 Examine and verify certificate request:
516 openssl req -in req.pem -text -verify -noout
518 Create a private key and then generate a certificate request from it:
520 openssl genrsa -out key.pem 2048
521 openssl req -new -key key.pem -out req.pem
523 The same but just using req:
525 openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
527 Generate a self signed root certificate:
529 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
531 Example of a file pointed to by the B<oid_file> option:
533 1.2.3.4 shortName A longer Name
534 1.2.3.6 otherName Other longer Name
536 Example of a section pointed to by B<oid_section> making use of variable
540 testoid2=${testoid1}.6
542 Sample configuration file prompting for field values:
546 default_keyfile = privkey.pem
547 distinguished_name = req_distinguished_name
548 attributes = req_attributes
549 req_extensions = v3_ca
551 dirstring_type = nobmp
553 [ req_distinguished_name ]
554 countryName = Country Name (2 letter code)
555 countryName_default = AU
559 localityName = Locality Name (eg, city)
561 organizationalUnitName = Organizational Unit Name (eg, section)
563 commonName = Common Name (eg, YOUR name)
566 emailAddress = Email Address
567 emailAddress_max = 40
570 challengePassword = A challenge password
571 challengePassword_min = 4
572 challengePassword_max = 20
576 subjectKeyIdentifier=hash
577 authorityKeyIdentifier=keyid:always,issuer:always
578 basicConstraints = critical, CA:true
580 Sample configuration containing all field values:
583 RANDFILE = $ENV::HOME/.rnd
587 default_keyfile = keyfile.pem
588 distinguished_name = req_distinguished_name
589 attributes = req_attributes
591 output_password = mypass
593 [ req_distinguished_name ]
595 ST = Test State or Province
597 O = Organization Name
598 OU = Organizational Unit Name
600 emailAddress = test@email.address
603 challengePassword = A challenge password
605 Example of giving the most common attributes (subject and extensions)
608 openssl req -new -subj "/C=GB/CN=foo" \
609 -addext "subjectAltName = DNS:foo.co.uk" \
610 -addext "certificatePolicies = 1.2.3.4" \
611 -newkey rsa:2048 -keyout key.pem -out req.pem
616 The header and footer lines in the B<PEM> format are normally:
618 -----BEGIN CERTIFICATE REQUEST-----
619 -----END CERTIFICATE REQUEST-----
621 some software (some versions of Netscape certificate server) instead needs:
623 -----BEGIN NEW CERTIFICATE REQUEST-----
624 -----END NEW CERTIFICATE REQUEST-----
626 which is produced with the B<-newhdr> option but is otherwise compatible.
627 Either form is accepted transparently on input.
629 The certificate requests generated by B<Xenroll> with MSIE have extensions
630 added. It includes the B<keyUsage> extension which determines the type of
631 key (signature only or general purpose) and any additional OIDs entered
632 by the script in an extendedKeyUsage extension.
636 The following messages are frequently asked about:
638 Using configuration from /some/path/openssl.cnf
639 Unable to load config info
641 This is followed some time later by...
643 unable to find 'distinguished_name' in config
644 problems making Certificate Request
646 The first error message is the clue: it can't find the configuration
647 file! Certain operations (like examining a certificate request) don't
648 need a configuration file so its use isn't enforced. Generation of
649 certificates or requests however does need a configuration file. This
650 could be regarded as a bug.
652 Another puzzling message is this:
657 this is displayed when no attributes are present and the request includes
658 the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
659 0x00). If you just see:
663 then the B<SET OF> is missing and the encoding is technically invalid (but
664 it is tolerated). See the description of the command line option B<-asn1-kludge>
665 for more information.
669 OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
670 treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
671 This can cause problems if you need characters that aren't available in
672 PrintableStrings and you don't want to or can't use BMPStrings.
674 As a consequence of the T61String handling the only correct way to represent
675 accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
676 currently chokes on these. If you have to use accented characters with Netscape
677 and MSIE then you currently need to use the invalid T61String form.
679 The current prompting is not very friendly. It doesn't allow you to confirm what
680 you've just entered. Other things like extensions in certificate requests are
681 statically defined in the configuration file. Some of these: like an email
682 address in subjectAltName should be input by the user.
686 L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
687 L<gendsa(1)>, L<config(5)>,
692 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
694 Licensed under the OpenSSL license (the "License"). You may not use
695 this file except in compliance with the License. You can obtain a copy
696 in the file LICENSE in the source distribution or at
697 L<https://www.openssl.org/source/license.html>.