Showing results for 
Search instead for 
Did you mean: 
Jeffrey Keown
Cisco Employee
Cisco Employee

The old version of open ssl 0.9.8h referenced on the cert generation doc doesn't work (if you enter a password in the CSR process).

Will work on updating link.

Working exact steps with v1.1.0c:

Confirmed working CSR with openssl, Windows 7 64 bit machine.


Win64 OpenSSL v1.1.0c

Windows Dos prompt:

cd C:\OpenSSL-Win64\bin


req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf

C:\>cd C:\OpenSSL-Win64\bin

OpenSSL> req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:RTP
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TAC
Organizational Unit Name (eg, section) []:HTTS
Common Name (e.g. server FQDN or YOUR name) []:WLC-1
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:cisco
OpenSSL> quit

C:\OpenSSL-Win64\bin>dir *.pem
 Volume in drive C has no label.
 Volume Serial Number is 1496-D193

 Directory of C:\OpenSSL-Win64\bin

01/06/2017  10:55 AM               932 mykey.pem
01/06/2017  10:59 AM               750 myreq.pem
               2 File(s)          1,682 bytes
               0 Dir(s)  304,623,710,208 bytes free

1 Comment
Nicolas Darchis
Cisco Employee
Cisco Employee

Thanks for testing Jeff !

I've updated the internal version of the doc. Before pushing the change to, i haven't noticed any difference in the CLI you mention here and the one in the doc, so I suppose nothing changed in the commands between openssl 0.9.8 and 1.1 ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
French webcast-routing