FreeKB - How to create an ECDSA public / private key pair using OpenSSL on Linux


A trusted certificate is one that is purchased from a trusted certificate authority (CA). Internet-facing production applications should use a certificate from a trusted CA. For non-production applications, a self-signed certificate can be used. Applications, such as a web browser, will complain when a self-signed certificate is used.



Use apt-get or yum to install OpenSSL.

~]# apt-get install openssl
~]# yum install openssl


ECDSA Parameters and Private Key

Ensure root owns the private directory, and that only root can read, write, and enter the private directory (a directory needs the execute bit to be entered, so the mode is 700 rather than 600).

~]# chown root:root /etc/pki/tls/private
~]# chmod 700 /etc/pki/tls/private


Create the ECDSA parameters file and private key.

~]# openssl ecparam -genkey -out /etc/pki/tls/private/ec_private.key -name prime256v1


View the content of the ec_private.key file and ensure BEGIN EC PARAMETERS and BEGIN EC PRIVATE KEY are displayed.

~]# cat /etc/pki/tls/private/ec_private.key
-----BEGIN EC PARAMETERS-----
. . .
-----BEGIN EC PRIVATE KEY-----


Ensure only root can read the private key file.

~]# chmod 400 /etc/pki/tls/private/ec_private.key


A private key doesn't contain user-specific data, such as an "alias" or "expiration date", so there is nothing of that kind to decode from a private key.



Create an ECDSA certificate.

~]# openssl req -x509 -new -key /etc/pki/tls/private/ec_private.key -out /etc/pki/tls/certs/ec_certificate.crt


There will be a series of prompts.

| Area | Example | Description |
|---|---|---|
| Password | myPassword | Password |
| Country Name | US | United States |
| State/Province | FL | Florida |
| Locality Name | Miami | City |
| Organization Name | Example, Inc. | Company name |
| Organization Unit Name | Example, Inc. | Company name |
| Common Name | | Domain name |
| Email Address | | Admin email |


View the content of the ec_certificate.crt file and ensure BEGIN CERTIFICATE is displayed.

~]# cat /etc/pki/tls/certs/ec_certificate.crt
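
The steps above as one script, as an added example that is not part of the original page: it sets umask 077 before generating the key so the file is never readable by other users, then checks the curve, the signature algorithm, and that the certificate carries the key's public half instead of relying on cat alone. The scratch directory, the -subj values and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Works in a scratch directory so
# it can run without root; the page itself uses /etc/pki/tls/private and certs.

# make_ec_pair DIR: create DIR/ec_private.key and DIR/ec_certificate.crt.
make_ec_pair() {
    (
        umask 077   # key is created owner-only; no window before chmod
        openssl ecparam -genkey -name prime256v1 -out "$1/ec_private.key"
    ) || return 1
    chmod 400 "$1/ec_private.key" || return 1
    # -subj answers the prompts up front; every value here is a placeholder.
    openssl req -x509 -new -key "$1/ec_private.key" \
        -subj "/C=US/ST=FL/L=Miami/O=Example, Inc./CN=www.example.com" \
        -out "$1/ec_certificate.crt"
}

# key_mode FILE: print the permission string, e.g. -r--------
key_mode() { ls -l "$1" | cut -c1-10; }

# key_curve FILE: print the named curve recorded in the private key.
key_curve() { openssl pkey -in "$1" -noout -text | sed -n 's/^ASN1 OID: //p'; }

# cert_sig_alg FILE: print the certificate's signature algorithm.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# pair_matches KEY CERT: succeed only if CERT carries KEY's public half.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && make_ec_pair "$demo" &&
    echo "mode:  $(key_mode "$demo/ec_private.key")" &&
    echo "curve: $(key_curve "$demo/ec_private.key")" &&
    echo "sig:   $(cert_sig_alg "$demo/ec_certificate.crt")" &&
    pair_matches "$demo/ec_private.key" "$demo/ec_certificate.crt" &&
    echo "certificate matches private key"
rm -rf "$demo"
```

pair_matches is also useful later, for example to confirm that a certificate on disk still belongs to the key beside it before restarting a service.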

