Above command will generate CSR and 2048-bit RSA key file. If you intend to use this certificate in Apache or Nginx, then you need to send this CSR file to certificate issuer authority, and they will give you signed certificate mostly in der or pem format which you need to configure in Apache or Nginx web server.
Verification is essential to ensure you are sending CSR to issuer authority with required details.
* Create RSA Private Key
openssl genrsa -out private.key 2048
If you just need to generate RSA private key, you can use the above command. I have included 2048 for stronger encryption.
* Remove Passphrase from Key
openssl rsa -in certkey.key -out nopassphrase.key
If you are using passphrase in key file and using Apache then every time you start, you have to enter the password. If you are annoyed with entering a password, then you can use above openssl rsa -in geekflare.key -check to remove the passphrase key from an existing key.
* Verify Private Key
openssl rsa -in certkey.key –check
If you doubt on your key file, you can use the above command to check.
* Verify Certificate File
openssl x509 -in certfile.pem -text –noout
If you would like to validate certificate data like CN, OU, etc. then you can use an above command which will give you certificate details.