Openssl req

From Fritz!Box
Jump to: navigation, search

AVM Wiki >> Shell-Befehle >> openssl_req @ whmf   -   IRC-Chat   -   hu nl it English
Community Modelle Zubehör Environment Konfiguration Shell-Befehle Software Freetz Lexikon Tipps+Tricks Bilder

Startup-Scripts AVM-Befehle BusyBox-Befehle Linux-Befehle Shared Libraries Kernel-Module Listings Todo



Aufgerufen von

  • ctlmgr (siehe Beispiel unten)
  • upnpd (siehe Beispiel unten)



$ openssl_req --help
unknown option --help
openssl_req [options] <infile >outfile
where options  are
 -inform arg    input format - DER or PEM
 -outform arg   output format - DER or PEM
 -in arg        input file
 -out arg       output file
 -text          text form of request
 -pubkey        output public key
 -noout         do not output REQ
 -verify        verify signature on REQ
 -modulus       RSA modulus
 -nodes         don't encrypt the output key
 -subject       output the request's subject
 -passin        private key password source
 -key file      use the private key contained in file
 -keyform arg   key file format
 -keyout arg    file to send the key to
 -rand file:file:...
                load the file (or the files in the directory) into
                the random number generator
 -newkey rsa:bits generate a new RSA key of 'bits' in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
 -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)
 -config file   request template file.
 -subj arg      set or modify request subject
 -multivalue-rdn enable support for multivalued RDNs
 -new           new request.
 -batch         do not ask anything during request generation
 -x509          output a x509 structure instead of a cert. req.
 -days          number of days a certificate generated by -x509 is valid for.
 -set_serial    serial number to use for a certificate generated by -x509.
 -newhdr        output "NEW" in the header lines
 -asn1-kludge   Output the 'request' in a format that is wrong but some CA's
                have been reported as requiring
 -extensions .. specify certificate extension section (override value in config file)
 -reqexts ..    specify request extension section (override value in config file)
 -utf8          input characters are UTF8 (default ASCII)
 -nameopt arg    - various certificate name options
 -reqopt arg    - various request text options


Self signed Zertifikat aus einem vorher mit openssl_genrsa erzeugten serker.key generieren:

openssl_req -config openssl.cnf -new -x509 -key server.key -out server.cert -days 365

Verwendung in ctlmgr:

openssl_req -config openssl.cnf -new -x509 -key websrv_ssl_key.pem -out websrv_ssl_cert.pem -days 9999

Verwendung in upnpd:

openssl_req -config openssl_tr064.cnf -new -x509 -key websrv_ssl_key.pem -out tr064_ssl_cert.pem -days 9999

Verwendung in ctlmgr (7270):

openssl_req -config ftps_openssl.cnf -new -x509 -key ftps_ssl_key.pem -out ftps_ssl_cert.pem -days 9999



Siehe auch

SSL: (28)

Webserver: (99)

Überwachung und Einrichtung: (129) - Kleingedrucktes ist laufende Entwicklung.