]> &date; Cryptography Utilities crypto-utils &version; genkey 1 genkey generate SSL certificates and certificate requests genkey hostname Description genkey is an interactive command-line tool which can be used to generate SSL certificates or Certificate Signing Requests (CSR). Generated certificates are stored in the directory /etc/pki/tls/certs/, and the corresponding private key in /etc/pki/tls/private/. When using mod_nss the private key is stored in the nss database. Consult the nss.conf file in /etc/httpd/conf.d/ for the location of the database. genkey will prompt for the size of key desired; whether or not to generate a CSR; whether or not an encrypted private key is desired; the certificate subject DN details. genkey generates random data for the private key using the truerand library and also by prompting the user for entry of random text. indicates that mod_nss database should be used to store keys and certificates. Options Generate a Certificate Authority keypair. Generate a Certificate Signing Request for an existing private key, which can be submitted to a CA (for example, for renewal). Used with --genreq to indicate a renewal, the existing keypair will be used. The certificate renewal is for a CA. count When generating a self-signed certificate, specify that the number of days for which the certificate is valid be count rather than the default value of 30. For test purposes only; omit the slow process of generating random data. Examples The following example will create a self-signed certificate and private key for the hostname www.example.com: # genkey --days 120 www.example.com Files /etc/pki/tls/openssl.cnf See also certwatch(1), keyrand(1)