Creating an RSA-4096 SSL certificate

vijay chandamala
Sep 11, 2023


openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -in private_key.pem -pubout -out public_key.pem
openssl req -new -key private_key.pem -out csr.pem
certbot certonly --csr csr.pem

1. Generate RSA Private Key:

  • openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096
  • This command generates an RSA private key with a key length of 4096 bits and saves it to a file named private_key.pem. The private key is a crucial component of SSL/TLS encryption and is used to secure communication between a server and clients. As written, the command stores the key unencrypted, so keep the file readable only by the account that runs the server.

2. Generate RSA Public Key:

  • openssl rsa -in private_key.pem -pubout -out public_key.pem
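  • This command derives the corresponding RSA public key from the private key stored in private_key.pem and saves it to a file named public_key.pem. The public key is used to encrypt data that only the private key holder can decrypt. The later steps do not read public_key.pem: the CSR command in step 3 takes the public key from private_key.pem directly.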

3. Generate Certificate Signing Request (CSR):

  • openssl req -new -key private_key.pem -out csr.pem
  • This command generates a Certificate Signing Request (CSR) using the private key from private_key.pem. A CSR contains information about the entity requesting the certificate (e.g., a website), including the public key, and is used to request a digital certificate from a Certificate Authority (CA).

4. Request an SSL Certificate from Certbot:

  • certbot certonly --csr csr.pem
  • This command uses Certbot, a tool for managing SSL certificates, to request an SSL certificate based on the CSR generated in the previous step (csr.pem). Certbot will typically interact with a CA to obtain a signed SSL certificate. The obtained certificate will be stored in a location specified during the Certbot setup.

The entire process involves creating a private key, deriving a public key from it, generating a CSR with the necessary information, and then using Certbot to request a signed SSL certificate from a CA. Once you have the signed certificate, you can configure your web server or application to use it for secure HTTPS communication, enhancing the security of your website or service.
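
The steps above do not check what was generated. The following is an added example, not part of the original post: it runs steps 1 and 3 non-interactively, then verifies the key size, the key file permissions, the CSR signature and SAN, and that the CSR carries the same public key step 2 derives, before csr.pem is handed to certbot. It assumes OpenSSL 1.1.1 or later (for -addext); the function names are made up for this example and example.com is a placeholder domain.

```bash
#!/usr/bin/env bash
# Added example: steps 1-3 run non-interactively, then checked before step 4.
# Assumes OpenSSL 1.1.1+ (for -addext); example.com is a placeholder domain.

# Steps 1 and 3: 4096-bit key (owner-only file) and a CSR with CN plus SAN.
make_key_and_csr() {   # usage: make_key_and_csr <dir> <domain>
  ( umask 077   # key file is created 0600; genpkey writes it unencrypted
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
      -out "$1/private_key.pem" 2>/dev/null ) || return 1
  openssl req -new -key "$1/private_key.pem" -out "$1/csr.pem" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2"
}

# Modulus size in bits, read from the key itself.
key_bits() {   # usage: key_bits <key.pem>
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# True when group and other have no permission bits on the file.
owner_only() {   # usage: owner_only <file>
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# True when the CSR embeds exactly the public key that step 2 derives.
csr_matches_key() {   # usage: csr_matches_key <csr.pem> <key.pem>
  local from_csr from_key
  from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Run every check; prints one line per failure and returns non-zero on any.
check_before_certbot() {   # usage: check_before_certbot <dir> <domain>
  local rc=0 key="$1/private_key.pem" csr="$1/csr.pem"
  [ "$(key_bits "$key")" = 4096 ] || { echo "key is not 4096 bits"; rc=1; }
  owner_only "$key" || { echo "key readable by group/other"; rc=1; }
  csr_matches_key "$csr" "$key" || { echo "CSR/key mismatch"; rc=1; }
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "CSR self-signature invalid"; rc=1; }
  openssl req -in "$csr" -noout -text 2>/dev/null | grep -qF "DNS:$2" ||
    { echo "CSR lacks SAN for $2"; rc=1; }
  return "$rc"
}
```

Run `make_key_and_csr . example.com && check_before_certbot . example.com` in the working directory, then continue with the certbot command from step 4.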