9

I am trying to generate my own self-signed ssl certificate with openssl so I can test them out on a dev server on nginx before I buy one. I have created the server.key but when I run the command openssl req -key server.key -out server.csr it just hangs after the enter pass phrase

Any ideas ?

Oliver Bayes-Shelton
  • 366
  • 1
  • 3
  • 11

3 Answers3

7

You lack entropy - the randomness the server needs to generate the key.

Try moving the mouse, or hitting random keys on the keyboard - you should see progress when you do.

Alternatively, use this one-liner to generate a self-signed certificate with less steps:

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt

adaptr
  • 16,576
  • 23
  • 34
  • 2
    Why is there entropy needed when the key already exists? Even though this solution works, I don't think entropy is the reason that the task does not complete. – mjspier Sep 05 '18 at 11:18
  • This answer is wrong. The missing flag was `-new` which the command above specified but your original did not. @mjspier had the right answer: https://serverfault.com/a/929551/4603 – Chris Adams Sep 09 '22 at 14:24
7

I had the same issue when using GitBash in Windows 7, After hours of search this solved my issue:

winpty openssl genrsa -out ../private.pem -aes256 4096

Let me know if it helps anyone.

Zuhayer Tahir
  • 171
  • 1
  • 2
2

It seems you miss to specify the option -new to tell openssl to generate the certificate request. Not sure why openssl does not show any message in this case.

To generate the certificate request with an existing private key you can use:

openssl req -new -key server.key -out server.csr

To generate a self signed certificate with an existing private key you can use:

openssl req -new -x509 -key server.key -out server.cert
mjspier
  • 121
  • 2