How to Generate SSH/SSL Public and Private Keys

By: Kevin | December 6, 2016


  1. ssh-keygen -t rsa -b 2048 -f keyName
    Tap enter twice to skip the passphrase, or enter one if you like.
    This will output keyName and

SSL with self-signed Certificate Authority (CA)

  1. Create CA key without passphrase openssl genrsa -out rootCA.key 2048 add -des3 if you want a passphrase
  2. Self sign the CA, openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem. Now you have a self signed SSL named rootCA.pem


Use the CA just created to sign other SSL certificates.
  1. Create a private key, openssl genrsa -out device.key 2048
  2. Create a certificate signing request (CSR), openssl req -new -key device.key -out device.csr. Its important to note when answering the prompts, Common Name (eg, YOUR name) []: must match the host name of the web server you are using.
  3. Sign the CSR with your CA.openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256