Ssl generate

ssl_genkey_rsa

Generate an RSA private key. Key is written unencrypted. For a passphrase-protected key, use openssl genrsa directly.

Example

ssl_genkey_rsa server.key 2048

Arguments

  • $1 (string): Output file path (default: key.pem)
  • $2 (int): Key size in bits (default: 4096)

Exit codes

  • 0: Success
  • 1: openssl error

ssl_ec_curves

List available elliptic curves.

Exit codes

  • 0: Always

Output on stdout

  • One curve name per line

ssl_genkey_ec

Generate an elliptic-curve private key.

Example

ssl_genkey_ec prime256v1 server.key
ssl_genkey_ec secp384r1 server.key

Arguments

  • $1 (string): Named curve (default: prime256v1). Use ssl_ec_curves to list options.
  • $2 (string): Output file path (default: ec_key.pem)

Exit codes

  • 0: Success
  • 1: openssl error or unknown curve

ssl_gencsr

Generate a Certificate Signing Request from an existing private key. If no subject string is provided, openssl will prompt interactively for DN fields.

Example

ssl_gencsr server.key server.csr "/CN=example.com/O=Acme Ltd"
ssl_gencsr server.key   # prompts interactively for subject

Arguments

  • $1 (string): Private key file (required)
  • $2 (string): Output CSR file (default: derives from key filename)
  • $3 (string): Subject DN string, e.g. /CN=example.com/O=Acme (optional)

Exit codes

  • 0: Success
  • 1: openssl error

ssl_selfsigned

Generate a self-signed certificate and private key in one step. Private key is written unencrypted (-nodes). If no subject string is provided, openssl will prompt interactively.

Example

ssl_selfsigned cert.pem key.pem 365 "/CN=localhost"
ssl_selfsigned   # prompts interactively, writes cert.pem and key.pem

Arguments

  • $1 (string): Output certificate file (default: cert.pem)
  • $2 (string): Output key file (default: key.pem)
  • $3 (int): Validity in days (default: 365)
  • $4 (string): Subject DN string, e.g. /CN=example.com (optional)

Exit codes

  • 0: Success
  • 1: openssl error