A certificate is a public key with extra properties (like company name, country,) that is signed by some Certificate authority that guarantees that the attached properties are true. Even though PEM encoded certificates are ASCII they are not human readable.
Deciding on Key Generation Options
When generating a key, you have to decide three things: the key algorithm, the key size, and whether to use a passphrase.
For the key algorithm, you need to take into account its compatibility. For this reason, we recommend you use RSA. However, if you have a specific need to use another algorithm (such as ECDSA), you can use that too, but be aware of the compatibility issues you might run into.
Note: This guide only covers generating keys using the RSA algorithm.
- OpenSSL has a variety of commands that can be used to operate on private key files, some of which are specific to RSA (e.g. Openssl rsa and openssl genrsa) or which have other limitations. Here we always use openssl pkey, openssl genpkey, and openssl pkcs8, regardless of the type of key.
- OpenSSL 'rsa -pubin' - View RSA Public Key How to view contents of an RSA public key file using OpenSSL 'rsa' command? If you want to view contents of an RSA public key stored in a file, you can use the OpenSSL 'rsa -pubin' command as shown below: C: Users fyicenter> loc al openssl openssl.exeOpenSSL> rsa -in myrsapub.key -pu.
For the key size, you need to select a bit length of at least 2048 when using RSA and 256 when using ECDSA; these are the smallest key sizes allowed for SSL certificates. Unless you need to use a larger key size, we recommend sticking with 2048 with RSA and 256 with ECDSA.
Openssl View Keystore Contents
Note: In older versions of OpenSSL, if no key size is specified, the default key size of 512 is used. Any key size lower than 2048 is considered unsecure and should never be used.
Openssl View Key
For the passphrase, you need to decide whether you want to use one. If used, the private key will be encrypted using the specified encryption method, and it will be impossible to use without the passphrase. Because there are pros and cons with both options, it's important you understand the implications of using or not using a passphrase. In this guide, we will not be using a passphrase in our examples.