Paul Jungwirth on 22 Dec 2014 08:03:31 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client

I don't see why it shouldn't work. Just provide the appropriate domain
name for the CSR. These are my notes on SSL certs:

  Generate a Private Key:
    openssl genrsa ‐des3 ‐out server.pass.key 2048

  Remove passphrase from key:
    openssl rsa ‐in server.pass.key ‐out server.key

  Generate a CSR:
    openssl req ‐new ‐key server.key ‐out server.csr

Then once you have a signed cert you'll need to update the private
key. Or if you can find the existing private key, use that and skip
the first two steps above.

Good luck!


On Mon, Dec 22, 2014 at 7:51 AM, Rich Freeman <> wrote:
> On Mon, Dec 22, 2014 at 10:36 AM, Michael Leone <> wrote:
>> Any request I generate myself on my CA, in the name of the Connections
>> server, will be pretty much the same as an actual CSR generated on that
>> Connections server, right? Just as valid a CSR, I mean.
> It should be completely possible in theory, though I'd have to dig
> through a bazillion openssl manpages to tell you how.  You'll
> definitely need access to the public key for the server - I don't know
> if generating a csr requires access to the private key offhand (I'd
> hope that it does, otherwise anybody could generate one, though they
> couldn't actually make use of it without the private key other than
> maybe to confuse clients).
> --
> Rich
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --

Pulchritudo splendor veritatis.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --