Organizational Unit Name (eg, section) :Ĭommon Name (e.g. If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value, What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated $ openssl req -x509 -days 365 -new -key test-user -out test-user-cert.pem
Your identification has been saved in test-user. If you want to start from OpenSSH and work your way over to the OpenSSL side, with a self-signed certificate (for whatever reason), here's how: $ ssh-keygen -f test-userĮnter passphrase (empty for no passphrase): To extract an OpenSSH compatible public key from it, you can just run: ssh-keygen -f private.pem -y > private.pub If you just want to share the private key, the OpenSSL key generated by your example command is stored in private.pem, and it should already be in PEM format compatible with (recent) OpenSSH. This means that you need to store the X.509 certificate, in addition to the private key, if you wish use the same key for both OpenSSL and OpenSSH. The certificate contains information that is not present anywhere else and each certificate is unique and can not be recreated at will. Also, these certificates are not X.509, so they are incompatible with OpenSSL. OpenSSH does have support for certificates as well, but it is likely that you are not using this support. This certificate is not something OpenSSH traditionally uses for anything - and it definitely is not the same thing as a public key only. However, the OpenSSL command you show generates a self-signed certificate. Private keys are normally already stored in a PEM format suitable for both.
Ssh-keygen can be used to convert public keys from SSH formats in to PEM formats suitable for OpenSSL.
0 kommentar(er)
