apt-get install openssl
yum install openssl
A public certificate and its corresponding private key can be used to encrypt traffic transmitted between hosts. One of the most common uses of a certificate and its private key is on a web server, where the pair encrypts the resources sent to clients so that HTTPS can be used. The first step is to create the private key. In this example, the private key is placed on the web server. As the name implies, a private key is private and must never be shared or made public.
The genrsa option creates an RSA private key. In this example, the private key is named example.com.key and is 2048 bits long.
openssl genrsa -out example.com.key 2048
Adding a symmetric cipher option (-aes128 in this example) together with a passphrase produces a password-protected key. genrsa treats the bit length as a positional argument, so it must come last, after all options. Passing the passphrase with -passout puts it in the process list and shell history; omit -passout to be prompted for it interactively instead.
openssl genrsa -aes128 -passout pass:foobar -out example.com.key 2048
With OpenSSL 1.x the private key file begins with the following line. OpenSSL 3 writes the PKCS#8 form instead, which begins with -----BEGIN PRIVATE KEY----- (or -----BEGIN ENCRYPTED PRIVATE KEY----- for a password-protected key), unless the -traditional option is given.
-----BEGIN RSA PRIVATE KEY-----
For a DSA key, the dsaparam option is first used to create the DSA parameters file. In this example, the parameters are 2048 bits.
openssl dsaparam -out dsaparam.pem 2048
View the content of the dsaparam file and ensure BEGIN DSA PARAMETERS is displayed.
cat dsaparam.pem
-----BEGIN DSA PARAMETERS-----
The gendsa option then creates the DSA private key from the parameters file. In this example, the private key is named example.com.key.
openssl gendsa -out example.com.key dsaparam.pem
Alternatively, the req option with the -newkey and -keyout flags generates the key while also creating a self-signed certificate (-x509). The certificate is written to stdout unless -out is given, and req prompts for the certificate subject.
openssl req -x509 -newkey dsa:dsaparam.pem -keyout example.com.key
For an ECDSA key, the ecparam option with the -genkey flag creates the EC private key; -name selects the curve (prime256v1 in this example).
openssl ecparam -genkey -out example.com.key -name prime256v1
View the content of the private key file and ensure BEGIN EC PARAMETERS and BEGIN EC PRIVATE KEY are displayed.
cat example.com.key
-----BEGIN EC PARAMETERS-----
. . .
-----BEGIN EC PRIVATE KEY-----
. . .
Use the chmod command to set the permissions of the private key to 400, so that only the file owner can read the private key file and no one can write to it.
chmod 400 example.com.key
A private key does not carry subject data such as an alias or an expiration date (that information lives in the certificate), so there is nothing of that kind to decode from a private key.
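The whole procedure above, as an added example that is not part of the original page: a POSIX shell script that generates an RSA (optionally AES-128 protected), DSA or EC private key with the same openssl commands, locks the file down to mode 400, and then checks that the result is a loadable private key. The function names, the temporary file names and the "foobar" passphrase are my own constructed values. The header check matches any PEM private-key label because the exact label depends on the OpenSSL version.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the openssl CLI is
# installed; function names are hypothetical and file names are constructed.
set -eu

# make_key KIND OUTFILE [PASSPHRASE]
#   KIND is rsa, dsa or ec. A PASSPHRASE (rsa only, mirroring the page's
#   genrsa example) produces an AES-128 protected key.
make_key() {
    kind="$1"; out="$2"; pass="${3:-}"
    case "$kind" in
        rsa)
            if [ -n "$pass" ]; then
                # The bit length is positional and must follow all options.
                openssl genrsa -aes128 -passout "pass:$pass" -out "$out" 2048 2>/dev/null
            else
                openssl genrsa -out "$out" 2048 2>/dev/null
            fi ;;
        dsa)
            params="${out}.dsaparam"
            openssl dsaparam -out "$params" 2048 2>/dev/null
            openssl gendsa -out "$out" "$params" 2>/dev/null ;;
        ec)
            openssl ecparam -genkey -name prime256v1 -out "$out" 2>/dev/null ;;
        *)
            echo "unknown key type: $kind" >&2; return 2 ;;
    esac
    # Owner read-only: the web server reads the key, nothing should rewrite it.
    chmod 400 "$out"
}

# has_private_key_block FILE
#   Returns 0 if the file carries a PEM private-key block. The label varies
#   (RSA PRIVATE KEY, EC PRIVATE KEY, PRIVATE KEY, ENCRYPTED PRIVATE KEY),
#   so only the common suffix is matched.
has_private_key_block() {
    grep -q -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# key_parses FILE [PASSPHRASE]
#   Returns 0 if openssl can load (and, when needed, decrypt) the key.
key_parses() {
    if [ -n "${2:-}" ]; then
        openssl pkey -in "$1" -passin "pass:$2" -noout 2>/dev/null
    else
        openssl pkey -in "$1" -noout 2>/dev/null
    fi
}

# owner_read_only FILE
#   Returns 0 if the mode is exactly 0400 (ls output is portable where stat is not).
owner_read_only() {
    case "$(ls -l "$1")" in
        -r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone demo: generate the keys and print the first line of each file.
if command -v openssl >/dev/null 2>&1; then
    d="$(mktemp -d)"
    make_key rsa "$d/example.com.key"
    make_key rsa "$d/example.com.enc.key" foobar
    make_key ec  "$d/example.com.ec.key"
    for f in "$d"/*.key; do
        printf '%s: %s\n' "$f" "$(head -n 1 "$f")"
    done
    rm -rf "$d"
fi
```

Running the script prints the first PEM line of each generated file, which is where the version-dependent label shows up. The DSA branch is slower than the others because 2048-bit parameter generation takes several seconds.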