Generating a Key and Certificate Request
Use this command to generate a key pair and a signed certificate request to be sent to the certification authority (CA):
openssl req -newkey rsa:<keysize> -keyout <keyfile>.pem -keyform PEM
-out <request>.pem -outform PEM
where the values for -keyform and -outform can be PEM or DER, and keysize is typically 1024 or 2048(the higher the value, the larger the key size and the greater the security).
The command will prompt for the following:
Passphrase for the keyfile
Information about the certificate (DN components), depending on what is specified in openssl.cnf
Extra attributes, which you can ignore