Creating an RSA-4096 SSL certificate

vijay chandamala
Sep 11



openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -in private_key.pem -pubout -out public_key.pem
openssl req -new -key private_key.pem -out csr.pem
certbot certonly --csr csr.pem

1. Generate RSA Private Key:

  • openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
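  • This command generates an RSA private key with a key length of 4096 bits and saves it to a file named private_key.pem. The private key is a crucial component of SSL/TLS encryption and is used to secure communication between a server and clients. Because the command sets no passphrase, the key is written to disk unencrypted, so restrict read access to private_key.pem.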

2. Generate RSA Public Key:

  • openssl rsa -in private_key.pem -pubout -out public_key.pem
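  • This command derives the corresponding RSA public key from the private key stored in private_key.pem and saves it to a file named public_key.pem. The public key is used to encrypt data that only the private key holder can decrypt. The later steps do not read public_key.pem: the CSR command in step 3 derives the public key from private_key.pem itself, so this file serves as a reference copy.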

3. Generate Certificate Signing Request (CSR):

  • openssl req -new -key private_key.pem -out csr.pem
  • This command generates a Certificate Signing Request (CSR) using the private key from private_key.pem. A CSR contains information about the entity requesting the certificate (e.g., a website), including the public key, and is used to request a digital certificate from a Certificate Authority (CA).

4. Request an SSL Certificate from Certbot:

  • certbot certonly --csr csr.pem
  • This command uses Certbot, a tool for managing SSL certificates, to request an SSL certificate based on the CSR generated in the previous step (csr.pem). Certbot will typically interact with a CA to obtain a signed SSL certificate. The obtained certificate will be stored in a location specified during the Certbot setup.

The entire process involves creating a private key, deriving a public key from it, generating a CSR with the necessary information, and then using Certbot to request a signed SSL certificate from a CA. Once you have the signed certificate, you can configure your web server or application to use it for secure HTTPS communication, enhancing the security of your website or service.
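
Steps 1 to 3 above as a non-interactive script, with checks worth running on the CSR before handing it to Certbot in step 4. This is an added example, not code from the original post; example.com is a placeholder domain, and the function names, the -subj value and the subjectAltName entries are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. example.com is a placeholder
# domain; make_key_and_csr and check_csr are hypothetical helper names.

# Steps 1-3 of the post, non-interactive. $1 = output dir, $2 = domain.
make_key_and_csr() {
    dir=$1; domain=$2
    # umask 077 in a subshell: the unencrypted key is never group/world readable.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
          -out "$dir/private_key.pem" 2>/dev/null ) || return 1
    openssl rsa -in "$dir/private_key.pem" -pubout \
        -out "$dir/public_key.pem" 2>/dev/null || return 1
    # -subj skips the prompts; -addext (OpenSSL 1.1.1+) adds the SAN list
    # that clients match hostnames against.
    openssl req -new -key "$dir/private_key.pem" -out "$dir/csr.pem" \
        -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain,DNS:www.$domain" 2>/dev/null
}

# Checks to run before step 4. Returns 0 only if every check passes.
check_csr() {
    dir=$1; domain=$2
    text=$(openssl req -in "$dir/csr.pem" -noout -text -verify 2>&1) || return 1
    # Self-signature proves the requester holds the matching private key.
    printf '%s\n' "$text" | grep -q 'verify OK' || return 1
    printf '%s\n' "$text" | grep -q 'Public-Key: (4096 bit)' || return 1
    printf '%s\n' "$text" | grep -qF "DNS:$domain" || return 1
    # The CSR must carry the same public key that step 2 wrote out.
    csr_pub=$(openssl req -in "$dir/csr.pem" -noout -pubkey) || return 1
    [ "$csr_pub" = "$(cat "$dir/public_key.pem")" ] || return 1
    # The private key file must be owner read/write only.
    case "$(ls -l "$dir/private_key.pem")" in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: make_key_and_csr . example.com && check_csr . example.com \
#        && certbot certonly --csr csr.pem
```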



