Skip to content

Generating Certificate Request with NSS

Endi S. Dewata edited this page Apr 15, 2021 · 1 revision

The certutil command can be used to generate a PKCS #10 request.

First, generate a noise file and store the NSS database password in a file:

$ openssl rand -out noise.bin 2048
$ echo Secret.123 > password.txt

Then execute the following command:

$ certutil -R \
 -d ~/.dogtag/nssdb \
 -f password.txt \
 -s "uid=testuser,ou=people,dc=example,dc=com" \
 -g 2048 \
 -z noise.bin \
 -o testuser.csr \
 -a


Generating key.  This may take a few moments...

The CSR will be stored in testuser.csr.

See Also

Clone this wiki locally