John Little
Reputation: 12343
openssl CSR generation gives Expecting: CERTIFICATE REQUEST
I am trying to generate a CSR. I understand that this command will generate both a private key and a CSR at the same time:
openssl req -new -newkey rsa:2048 -x509 -nodes -keyout our.key -out our.csr
However, our.csr seems to be invalid.
openssl req -text -in our.csr -noout -verify
Gives:
unable to load X509 request
4302814700:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.2/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: CERTIFICATE REQUEST
Upvotes: 2
Views: 3963
Answers (2)
Brian Trzupek
Reputation: 5390
The answer above is in fact your error, but just for reference, if you do want to check the validity of a CSR, this command will process a CSR and display it for you. If the CSR is somehow invalid, this method will tell you that as well.
openssl req -noout -text -in server.csr
Upvotes: 1
SkateScout
Reputation: 870
You need to remove the x509 parameter this turns an CSR into an Selfsigned Certificate. So your command is openssl req -new -newkey rsa:2048 -nodes -keyout our.key -out our.csr
Upvotes: 3
Related Questions
- What is wrong with this csr since openssl refuses to decode it? (
- Failure trying to verify CSR with Openssl
- Error creating an SSL Certificate
- Creating certificate with certreq tool where I have csr generated using openssl
- Generate CSR from existing certificate
- Openssl certificate request failed
- getting an error while generating ssl certificates
- OpenSSL error 0x2006D002 when creating CSR
- using openssl creating csr for localhost
- How to generate SSL certificate using openSSL?