REQ(1)                              OpenSSL                             REQ(1)


NAME

       openssl-req, req - PKCS#10 certificate request and certificate
       generating utility

SYNOPSIS

       openssl req [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename]
       [-passin arg] [-out filename] [-passout arg] [-text] [-pubkey] [-noout]
       [-verify] [-modulus] [-new] [-rand file...]  [-writerand file] [-newkey
       rsa:bits] [-newkey alg:file] [-nodes] [-key filename] [-keyform
       PEM|DER] [-keyout filename] [-keygen_engine id] [-digest] [-config
       filename] [-multivalue-rdn] [-x509] [-days n] [-set_serial n] [-newhdr]
       [-addext ext] [-extensions section] [-reqexts section] [-precert]
       [-utf8] [-nameopt] [-reqopt] [-subject] [-subj arg] [-batch] [-verbose]
       [-engine id]

DESCRIPTION

       The req command primarily creates and processes certificate requests in
       PKCS#10 format. It can additionally create self signed certificates for
       use as root CAs, for example.

OPTIONS

       -help
           Print out a usage message.

       -inform DER|PEM
           This specifies the input format. The DER option uses an ASN1 DER
           encoded form compatible with PKCS#10. The PEM form is the
           default format: it consists of the DER format base64 encoded with
           additional header and footer lines.

       -outform DER|PEM
           This specifies the output format; the options have the same meaning
           and default as the -inform option.

       -in filename
           This specifies the input filename to read a request from, or
           standard input if this option is not specified. A request is only
           read if the creation options (-new and -newkey) are not specified.

       -passin arg
           The input file password source. For more information about the
           format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

       -out filename
           This specifies the output filename to write to, or standard output
           by default.

       -passout arg
           The output file password source. For more information about the
           format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

       -text
           Prints out the certificate request in text form.

       -subject
           Prints out the request subject (or certificate subject if -x509 is
           specified).

       -pubkey
           Outputs the public key.

       -noout
           This option prevents output of the encoded version of the request.

       -modulus
           This option prints out the value of the modulus of the public key
           contained in the request.

       -verify
           Verifies the signature on the request.

       -new
           This option generates a new certificate request. It will prompt the
           user for the relevant field values. The actual fields prompted for
           and their maximum and minimum sizes are specified in the
           configuration file and any requested extensions.

           If the -key option is not used it will generate a new RSA private
           key using information specified in the configuration file.

       -rand file...
           A file or files containing random data used to seed the random
           number generator.  Multiple files can be specified separated by an
           OS-dependent character.  The separator is ; for MS-Windows, , for
           OpenVMS, and : for all others.

       -writerand file
           Writes random data to the specified file upon exit.  This can be
           used with a subsequent -rand flag.

       -newkey arg
           This option creates a new certificate request and a new private
           key. The argument takes one of several forms. rsa:nbits, where
           nbits is the number of bits, generates an RSA key nbits in size. If
           nbits is omitted, i.e. -newkey rsa is specified, the default key
           size specified in the configuration file is used.

           All other algorithms support the -newkey alg:file form, where file
           may be an algorithm parameter file, created by the genpkey
           -genparam command, or an X.509 certificate for a key with an
           appropriate algorithm.

           param:file generates a key using the parameter file or certificate
           file; the algorithm is determined by the parameters. algname:file
           uses algorithm algname and parameter file file: the two algorithms
           must match or an error occurs. algname just uses algorithm algname,
           and parameters, if necessary, should be specified via the -pkeyopt
           parameter.

           dsa:filename generates a DSA key using the parameters in the file
           filename. ec:filename generates an EC key (usable both with ECDSA or
           ECDH algorithms), gost2001:filename generates a GOST R 34.10-2001
           key (requires the ccgost engine configured in the configuration
           file). If just gost2001 is specified a parameter set should be
           specified by -pkeyopt paramset:X.

       -pkeyopt opt:value
           Set the public key algorithm option opt to value. The precise set
           of options supported depends on the public key algorithm used and
           its implementation. See KEY GENERATION OPTIONS in the genpkey
           manual page for more details.

       -key filename
           This specifies the file to read the private key from. It also
           accepts PKCS#8 format private keys for PEM format files.

       -keyform PEM|DER
           The format of the private key file specified in the -key argument.
           PEM is the default.

       -keyout filename
           This gives the filename to write the newly created private key to.
           If this option is not specified then the filename present in the
           configuration file is used.

       -nodes
           If this option is specified then if a private key is created it
           will not be encrypted.

       -digest
           This specifies the message digest to sign the request.  Any digest
           supported by the OpenSSL dgst command can be used.  This overrides
           the digest algorithm specified in the configuration file.

           Some public key algorithms may override this choice. For instance,
           DSA signatures always use SHA1, GOST R 34.10 signatures always use
           GOST R 34.11-94 (-md_gost94), Ed25519 and Ed448 never use any
           digest.

       -config filename
           This allows an alternative configuration file to be specified.
           Optional; for a description of the default value, see "COMMAND
           SUMMARY" in openssl(1).

       -subj arg
           Sets the subject name for a new request or supersedes the subject
           name when processing a request.  The arg must be formatted as
           /type0=value0/type1=value1/type2=...; characters may be escaped by
           \ (backslash), and no spaces are skipped.

       -multivalue-rdn
           This option causes the -subj argument to be interpreted with full
           support for multivalued RDNs. Example:

           /DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe

           If -multivalue-rdn is not used then the UID value is 123456+CN=John
           Doe.

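       As an added illustration (not code from OpenSSL), the following is a
       simplified Python reimplementation of the -subj rules above: backslash
       escapes, no space skipping, and the '+' separator that only exists with
       -multivalue-rdn. parse_subject and format_subject are this example's
       own names; it is not OpenSSL's parser.

```python
def split_unescaped(text, sep, maxsplit=-1):
    """Split on `sep` where it is not preceded by a backslash. Escape pairs are
    copied through untouched so a later pass still sees them."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])          # keep the pair intact for now
            i += 2
            continue
        if ch == sep and maxsplit != 0:
            parts.append("".join(cur))
            cur = []
            if maxsplit > 0:
                maxsplit -= 1
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def unescape(text):
    """Drop the backslash from every escape pair; the escaped char is literal."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_subject(arg, multivalue_rdn=False):
    """Parse a -subj argument into a list of RDNs, each a list of (type, value).

    Without multivalue_rdn every RDN holds one pair and '+' is an ordinary
    character; with it an unescaped '+' separates the attributes of one RDN,
    which is exactly the difference the -multivalue-rdn text describes.
    Spaces are never skipped."""
    if not arg.startswith("/"):
        raise ValueError("-subj argument must be in the form /type0=value0/...")
    rdns = []
    for rdn_text in split_unescaped(arg[1:], "/"):
        if rdn_text == "":
            continue                            # tolerate a trailing '/'
        avas = split_unescaped(rdn_text, "+") if multivalue_rdn else [rdn_text]
        rdn = []
        for ava in avas:
            parts = split_unescaped(ava, "=", maxsplit=1)
            if len(parts) != 2 or parts[0] == "":
                raise ValueError("expected type=value, got %r" % unescape(ava))
            rdn.append((unescape(parts[0]), unescape(parts[1])))
        rdns.append(rdn)
    return rdns


def format_subject(rdns):
    """Inverse of parse_subject: escape the separators so the result can be
    handed back to -subj (with -multivalue-rdn if any RDN has several AVAs)."""
    def esc(s):
        return "".join("\\" + c if c in "/+=\\" else c for c in s)
    return "".join("/" + "+".join("%s=%s" % (esc(t), esc(v)) for t, v in rdn)
                   for rdn in rdns)
```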
       -x509
           This option outputs a self signed certificate instead of a
           certificate request. This is typically used to generate a test
           certificate or a self signed root CA. The extensions added to the
           certificate (if any) are specified in the configuration file.
           Unless specified using the -set_serial option, a large random
           number will be used for the serial number.

           If an existing request is specified with the -in option, it is
           converted to a self signed certificate; otherwise a new request is
           created.

       -days n
           When the -x509 option is being used this specifies the number of
           days to certify the certificate for, otherwise it is ignored. n
           should be a positive integer. The default is 30 days.

       -set_serial n
           Serial number to use when outputting a self signed certificate.
           This may be specified as a decimal value or a hex value if preceded
           by 0x.

       -addext ext
           Add a specific extension to the certificate (if the -x509 option is
           present) or certificate request.  The argument must have the form
           of a key=value pair as it would appear in a config file.

           This option can be given multiple times.

       -extensions section
       -reqexts section
           These options specify alternative sections to include certificate
           extensions (if the -x509 option is present) or certificate request
           extensions. This allows several different sections to be used in
           the same configuration file to specify requests for a variety of
           purposes.

       -precert
           A poison extension will be added to the certificate, making it a
           "pre-certificate" (see RFC6962). This can be submitted to
           Certificate Transparency logs in order to obtain signed certificate
           timestamps (SCTs).  These SCTs can then be embedded into the
           pre-certificate as an extension, before removing the poison and
           signing the certificate.

           This implies the -new flag.

       -utf8
           This option causes field values to be interpreted as UTF8 strings;
           by default they are interpreted as ASCII. This means that the field
           values, whether prompted from a terminal or obtained from a
           configuration file, must be valid UTF8 strings.

       -nameopt option
           Option which determines how the subject or issuer names are
           displayed. The option argument can be a single option or multiple
           options separated by commas.  Alternatively the -nameopt switch may
           be used more than once to set multiple options. See the x509(1)
           manual page for details.

       -reqopt
           Customise the output format used with -text. The option argument
           can be a single option or multiple options separated by commas.

           See the discussion of the -certopt parameter in the x509(1) command.

       -newhdr
           Adds the word NEW to the PEM file header and footer lines on the
           outputted request. Some software (Netscape certificate server) and
           some CAs need this.

       -batch
           Non-interactive mode.

       -verbose
           Print extra details about the operations being performed.

       -engine id
           Specifying an engine (by its unique id string) will cause req to
           attempt to obtain a functional reference to the specified engine,
           thus initialising it if needed. The engine will then be set as the
           default for all available algorithms.

       -keygen_engine id
           Specifies an engine (by its unique id string) which would be used
           for key generation operations.


CONFIGURATION FILE FORMAT

       The configuration options are specified in the req section of the
       configuration file. As with all configuration files, if no value is
       specified in the specific section (i.e. req) then the initial unnamed
       or default section is searched too.

       The options available are described in detail below.

       input_password output_password
           The passwords for the input private key file (if present) and the
           output private key file (if one will be created). The command line
           options -passin and -passout override the configuration file
           values.

       default_bits
           Specifies the default key size in bits.

           This option is used in conjunction with the -new option to generate
           a new key. It can be overridden by specifying an explicit key size
           in the -newkey option. The smallest accepted key size is 512 bits.
           If no key size is specified then 2048 bits is used.

       default_keyfile
           This is the default filename to write a private key to. If not
           specified the key is written to standard output. This can be
           overridden by the -keyout option.

       oid_file
           This specifies a file containing additional OBJECT IDENTIFIERS.
           Each line of the file should consist of the numerical form of the
           object identifier followed by white space then the short name
           followed by white space and finally the long name.

       oid_section
           This specifies a section in the configuration file containing extra
           object identifiers. Each line should consist of the short name of
           the object identifier followed by = and the numerical form. The
           short and long names are the same when this option is used.

       RANDFILE
           At startup the specified file is loaded into the random number
           generator, and at exit 256 bytes will be written to it.  It is used
           for private key generation.

       encrypt_key
           If this is set to no then if a private key is generated it is not
           encrypted. This is equivalent to the -nodes command line option.
           For compatibility encrypt_rsa_key is an equivalent option.

       default_md
           This option specifies the digest algorithm to use. Any digest
           supported by the OpenSSL dgst command can be used. This option can
           be overridden on the command line. Certain signing algorithms (i.e.
           Ed25519 and Ed448) will ignore any digest that has been set.

       string_mask
           This option masks out the use of certain string types in certain
           fields. Most users will not need to change this option.

           It can be set to several values. default, which is also the default
           option, uses PrintableStrings, T61Strings and BMPStrings; if the
           pkix value is used then only PrintableStrings and BMPStrings will
           be used. This follows the PKIX recommendation in RFC2459. If the
           utf8only option is used then only UTF8Strings will be used: this is
           the PKIX recommendation in RFC2459 after 2003. Finally the nombstr
           option just uses PrintableStrings and T61Strings: certain software
           has problems with BMPStrings and UTF8Strings, in particular
           Netscape.

       req_extensions
           This specifies the configuration file section containing a list of
           extensions to add to the certificate request. It can be overridden
           by the -reqexts command line switch. See the x509v3_config(5)
           manual page for details of the extension section format.

       x509_extensions
           This specifies the configuration file section containing a list of
           extensions to add to the certificate generated when the -x509
           switch is used. It can be overridden by the -extensions command
           line switch.

       prompt
           If set to the value no this disables prompting of certificate
           fields and just takes values from the config file directly. It also
           changes the expected format of the distinguished_name and
           attributes sections.

       utf8
           If set to the value yes then field values are interpreted as UTF8
           strings; by default they are interpreted as ASCII. This means that
           the field values, whether prompted from a terminal or obtained from
           a configuration file, must be valid UTF8 strings.

       attributes
           This specifies the section containing any request attributes: its
           format is the same as distinguished_name. Typically these may
           contain the challengePassword or unstructuredName types. They are
           currently ignored by OpenSSL's request signing utilities but some
           CAs might want them.

       distinguished_name
           This specifies the section containing the distinguished name fields
           to prompt for when generating a certificate or certificate request.
           The format is described in the next section.


DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

       There are two separate formats for the distinguished name and attribute
       sections. If the prompt option is set to no then these sections just
       consist of field names and values: for example,

        CN=My Name
        OU=My Organization
        emailAddress=someone@somewhere.org

       This allows external programs (e.g. GUI based) to generate a template
       file with all the field names and values and just pass it to req. An
       example of this kind of configuration file is contained in the EXAMPLES
       section.

       Alternatively if the prompt option is absent or not set to no then the
       file contains field prompting information. It consists of lines of the
       form:

        fieldName="prompt"
        fieldName_default="default field value"
        fieldName_min= 2
        fieldName_max= 4

       "fieldName" is the field name being used, for example commonName (or
       CN).  The "prompt" string is used to ask the user to enter the relevant
       details. If the user enters nothing then the default value is used; if
       no default value is present then the field is omitted. A field can
       still be omitted even if a default value is present if the user just
       enters the '.' character.

       The number of characters entered must be between the fieldName_min and
       fieldName_max limits: there may be additional restrictions based on the
       field being used (for example countryName can only ever be two
       characters long and must fit in a PrintableString).

       Some fields (such as organizationName) can be used more than once in a
       DN. This presents a problem because configuration files will not
       recognize the same name occurring twice. To avoid this problem, if the
       fieldName contains some characters followed by a full stop they will be
       ignored. So for example a second organizationName can be input by
       calling it "1.organizationName".

       The actual permitted field names are any object identifier short or
       long names. These are compiled into OpenSSL and include the usual
       values such as commonName, countryName, localityName, organizationName,
       organizationalUnitName, stateOrProvinceName. Additionally emailAddress
       is included, as well as name, surname, givenName, initials and
       dnQualifier.

       Additional object identifiers can be defined with the oid_file or
       oid_section options in the configuration file. Any additional fields
       will be treated as though they were a DirectoryString.

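       An added example, not from the man page or OpenSSL: a Python
       simulation of the prompting rules in this section (defaults, the '.'
       omission, min/max limits, the two-character countryName rule and the
       "1.organizationName" prefix trick), run over a constructed prompt-mode
       section modelled on the sample configuration. SAMPLE_DN_SECTION,
       parse_dn_section, build_dn and dn_error are this example's own names.

```python
# Constructed sample section in prompt mode, modelled on the man page's sample
# configuration; "1.organizationName" asks for a second organizationName.
SAMPLE_DN_SECTION = """
countryName             = Country Name (2 letter code)
countryName_default     = AU
countryName_min         = 2
countryName_max         = 2
organizationName        = Organization Name (eg, company)
1.organizationName      = Second Organization Name
commonName              = Common Name (eg, YOUR name)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 40
"""

COUNTRY_FIELDS = {"countryName", "C"}   # must be exactly two characters


def parse_dn_section(text):
    """Turn prompt-mode lines into an ordered list of (key, spec), where spec
    holds 'prompt' plus any of 'default', 'min' and 'max' for that key."""
    specs, order = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        for suffix in ("_default", "_min", "_max"):
            if key.endswith(suffix):
                specs.setdefault(key[:-len(suffix)], {})[suffix[1:]] = value
                break
        else:
            specs.setdefault(key, {})["prompt"] = value
            order.append(key)
    return [(key, specs[key]) for key in order]


def build_dn(section_text, answers):
    """Simulate the prompting: `answers` maps each config key to what the user
    typed ("" means Enter was pressed, "." means omit). Returns (name, value)
    pairs in prompt order, or raises ValueError where the rules refuse input."""
    dn = []
    for key, spec in parse_dn_section(section_text):
        typed = answers.get(key, "")
        if typed == ".":
            continue                       # '.' omits the field even with a default
        value = typed or spec.get("default", "")
        if value == "":
            continue                       # nothing typed and no default: omitted
        # Everything up to and including the first full stop is ignored, so
        # "1.organizationName" contributes a second organizationName.
        name = key.split(".", 1)[1] if "." in key else key
        lo = int(spec.get("min", 0))
        hi = int(spec["max"]) if "max" in spec else None
        if len(value) < lo or (hi is not None and len(value) > hi):
            raise ValueError("%s: %r is not within %d..%s characters"
                             % (name, value, lo, "unbounded" if hi is None else hi))
        if name in COUNTRY_FIELDS and len(value) != 2:
            raise ValueError("%s must be exactly two characters" % name)
        dn.append((name, value))
    return dn


def dn_error(section_text, answers):
    """Return the refusal message for these answers, or None when accepted."""
    try:
        build_dn(section_text, answers)
    except ValueError as exc:
        return str(exc)
    return None
```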

EXAMPLES

       Examine and verify certificate request:

        openssl req -in req.pem -text -verify -noout

       Create a private key and then generate a certificate request from it:

        openssl genrsa -out key.pem 2048
        openssl req -new -key key.pem -out req.pem

       The same but just using req:

        openssl req -newkey rsa:2048 -keyout key.pem -out req.pem

       Generate a self signed root certificate:

        openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem

       Example of a file pointed to by the oid_file option:

        1.2.3.4        shortName       A longer Name
        1.2.3.6        otherName       Other longer Name

       Example of a section pointed to by oid_section making use of variable
       expansion:

        testoid1=1.2.3.5
        testoid2=${testoid1}.6

       Sample configuration file prompting for field values:

        [ req ]
        default_bits           = 2048
        default_keyfile        = privkey.pem
        distinguished_name     = req_distinguished_name
        attributes             = req_attributes
        req_extensions         = v3_ca

        dirstring_type = nobmp

        [ req_distinguished_name ]
        countryName                    = Country Name (2 letter code)
        countryName_default            = AU
        countryName_min                = 2
        countryName_max                = 2

        localityName                   = Locality Name (eg, city)

        organizationalUnitName         = Organizational Unit Name (eg, section)

        commonName                     = Common Name (eg, YOUR name)
        commonName_max                 = 64

        emailAddress                   = Email Address
        emailAddress_max               = 40

        [ req_attributes ]
        challengePassword              = A challenge password
        challengePassword_min          = 4
        challengePassword_max          = 20

        [ v3_ca ]

        subjectKeyIdentifier=hash
        authorityKeyIdentifier=keyid:always,issuer:always
        basicConstraints = critical, CA:true

       Sample configuration containing all field values:

        RANDFILE               = $ENV::HOME/.rnd

        [ req ]
        default_bits           = 2048
        default_keyfile        = keyfile.pem
        distinguished_name     = req_distinguished_name
        attributes             = req_attributes
        prompt                 = no
        output_password        = mypass

        [ req_distinguished_name ]
        C                      = GB
        ST                     = Test State or Province
        L                      = Test Locality
        O                      = Organization Name
        OU                     = Organizational Unit Name
        CN                     = Common Name
        emailAddress           = test@email.address

        [ req_attributes ]
        challengePassword              = A challenge password

       Example of giving the most common attributes (subject and extensions)
       on the command line:

        openssl req -new -subj "/C=GB/CN=foo" \
                         -addext "subjectAltName = DNS:foo.co.uk" \
                         -addext "certificatePolicies = 1.2.3.4" \
                         -newkey rsa:2048 -keyout key.pem -out req.pem


NOTES

       The header and footer lines in the PEM format are normally:

        -----BEGIN CERTIFICATE REQUEST-----
        -----END CERTIFICATE REQUEST-----

       some software (some versions of Netscape certificate server) instead
       needs:

        -----BEGIN NEW CERTIFICATE REQUEST-----
        -----END NEW CERTIFICATE REQUEST-----

       which is produced with the -newhdr option but is otherwise compatible.
       Either form is accepted transparently on input.

       The certificate requests generated by Xenroll with MSIE have extensions
       added. It includes the keyUsage extension which determines the type of
       key (signature only or general purpose) and any additional OIDs entered
       by the script in an extendedKeyUsage extension.


DIAGNOSTICS

       The following messages are frequently asked about:

               Using configuration from /some/path/openssl.cnf
               Unable to load config info

       This is followed some time later by...

               unable to find 'distinguished_name' in config
               problems making Certificate Request

       The first error message is the clue: it can't find the configuration
       file! Certain operations (like examining a certificate request) don't
       need a configuration file so its use isn't enforced. Generation of
       certificates or requests however does need a configuration file. This
       could be regarded as a bug.

       Another puzzling message is this:

               Attributes:
                   a0:00

       this is displayed when no attributes are present and the request
       includes the correct empty SET OF structure (the DER encoding of which
       is 0xa0 0x00). If you just see:

               Attributes:

       then the SET OF is missing and the encoding is technically invalid (but
       it is tolerated). See the description of the command line option
       -asn1-kludge for more information.

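       An added example (not OpenSSL code) that ties the NOTES and the
       DIAGNOSTICS above together: a minimal Python PKCS#10 walker that loads
       a request in either PEM header form and reports whether the Attributes
       field is the correct empty SET (DER a0 00) or missing altogether. The
       request bytes are constructed in sample_csr() with placeholder key and
       signature fields, so only the DER layout is inspected; nothing is
       verified, and pem_to_der, der_to_pem, children and attributes_status
       are this example's own names.

```python
import base64
import re

# Both header forms from NOTES: plain, and the -newhdr "NEW" variant.
PEM_RE = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)"
                    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.S)


def pem_to_der(pem_text):
    """Accept either header form transparently, as openssl req does on input."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE REQUEST block found")
    return base64.b64decode("".join(m.group(1).split()))


def der_to_pem(der, newhdr=False):
    """Emit the PEM form; newhdr=True mirrors the -newhdr option."""
    label = ("NEW " if newhdr else "") + "CERTIFICATE REQUEST"
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def der_length(n):
    """DER definite-length encoding (short and long forms)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body


def children(buf):
    """Split the body of a constructed DER element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, first = buf[pos], buf[pos + 1]
        pos += 2
        if first & 0x80:                       # long-form length
            n = first & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        else:
            length = first
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out


def attributes_status(der):
    """Describe the attributes [0] field of CertificationRequestInfo."""
    (_, outer), = children(der)                # CertificationRequest SEQUENCE
    cri = children(outer)[0][1]                # certificationRequestInfo
    fields = children(cri)                     # version, subject, spki, [attrs]
    if len(fields) < 4 or fields[3][0] != 0xA0:
        return "missing"                       # technically invalid, tolerated
    attrs = children(fields[3][1])
    return "empty SET OF (a0 00)" if not attrs else "%d attribute(s)" % len(attrs)


def sample_csr(with_attributes_field=True):
    """Constructed request: real layout, placeholder key and signature bytes."""
    version = tlv(0x02, b"\x00")
    cn = tlv(0x30, tlv(0x06, bytes([0x55, 0x04, 0x03])) + tlv(0x13, b"example"))
    subject = tlv(0x30, tlv(0x31, cn))                       # Name: SEQ OF SET OF AVA
    rsa = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    spki = tlv(0x30, rsa + tlv(0x03, b"\x00" + b"\x00" * 8))   # placeholder key
    attrs = tlv(0xA0, b"") if with_attributes_field else b""   # the a0 00 of DIAGNOSTICS
    cri = tlv(0x30, version + subject + spki + attrs)
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    return tlv(0x30, cri + sig_alg + tlv(0x03, b"\x00" + b"\x00" * 8))  # placeholder sig
```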

BUGS

       OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it
       effectively treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have
       similar behaviour.  This can cause problems if you need characters that
       aren't available in PrintableStrings and you don't want to or can't use
       BMPStrings.

       As a consequence of the T61String handling the only correct way to
       represent accented characters in OpenSSL is to use a BMPString:
       unfortunately Netscape currently chokes on these. If you have to use
       accented characters with Netscape and MSIE then you currently need to
       use the invalid T61String form.

       The current prompting is not very friendly. It doesn't allow you to
       confirm what you've just entered. Other things like extensions in
       certificate requests are statically defined in the configuration file.
       Some of these, like an email address in subjectAltName, should be input
       by the user.


SEE ALSO

       x509(1), ca(1), genrsa(1), gendsa(1), config(5), x509v3_config(5)

       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.



1.1.1                               2018-09-11                            REQ(1)