How to create a public / private key pair using crypto-utils on Linux

Home > Search > How-to

A trusted certificate is one that is purchased from a trusted CA (certificate authority) such as For non-production applications, a self-signed certificate can be used to encrypt the traffic.  

Four files will be created:

Type of file Location
Private Key /etc/pki/tls/private/example.key
Public Certificate /etc/pki/tls/certs/example.crt
Certificate Signing Request (CSR) /etc/pki/tls/example.csr
Certificate Authority (CA) /etc/pki/tls/example.pem


Use apt-get or yum to install crypto-utils.

[root@server1 ~]# apt-get install crypto-utils
[root@server1 ~]# yum install crypto-utils


The crypto-utils depends on the mod_ssl package.

[root@server1 ~]# apt-get install mod_ssl
[root@server1 ~]# yum install mod_ssl


Use the genkey command followed by the name of the public/private key pair.

[root@server1 ~]# genkey myKeypair


Select Next.


Select the key size and select next.


Wait for the random bit generate.


Wait for the random data to generate.


If creating a self-signed certificate, select No.


Select Next.


Complete the form and select Next.


The certificate will be in the /etc/pki/tls/certs/ directory, and the private key will be in the /etc/pki/tls/private directory.

Due to the sensitive nature of the private key, ensure that root owns the directory where the private key is stored.  Also ensure that only root is allowed to read and write to the directory that contains the private key.

[root@server1 ~]# chown root:root /etc/pki/tls/private
[root@server1 ~]# chmod 400 /etc/pki/tls/private


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.