<div dir="ltr"><div><div><div><div>Tx.<br></div>So, what should be the command line to use in order to obtain the same key?<br></div>openssl genrsa ....<br></div>openssl req -nodes -newkey rsa:2048 some_extra_parameters ....<br></div>Michele MAsè<div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <span dir="ltr"><<a href="mailto:bkaduk@akamai.com" target="_blank">bkaduk@akamai.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><span class="">
    On 07/26/2017 10:13 AM, Michele Mase' wrote:<br>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>
          <div>
            <div>
              <div>
                <div>
                  <div>
                    <div>
                      <div>
                        <div>
                          <div>
                            <div>
                              <div>During the generation of x509
                                certificates, both commands give the
                                same results:<br>
                                <br>
                              </div>
                            </div>
                            Command "a": openssl req -nodes -newkey
                            rsa:2048 -keyout example.key -out
                            example.csr -subj
                            "/C=GB/ST=London/L=London/O=<wbr>Global
                            Security/OU=IT Department/CN=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__example.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=SvmGwnxF6Arf5U_XmN1vPPpie6IFH3h5CkVhveCn26I&s=AMT2W-m9xgiUsKMETv-WcWALqfQnX1rujJdNTJsVz1E&e=" target="_blank">example.com</a>"<br>
                            Command "b": openssl genrsa -out example.key<br>
                            <br>
                          </div>
                          Both commands give me a private key without
                          password, a key that is not encrypted.<br>
                        </div>
                        To remove the passphrase from private key, I use
                        the <br>
                        Command "c":openssl rsa -in example.key -out
                        example2.key<br>
                      </div>
                      <br>
                    </div>
                    The command "c" against the example.key generated by
                    command "a", gives the same private key with
                    different content between --BEGIN RSA and --END RSA.
                    Simply, try the following:<br>
                  </div>
                  diff example.key example2.key, the files are
                  different.<br>
                  <br>
                </div>
                The command "c" against example.key generate by the
                command "b" produces the same file. No differences.<br>
                <br>
              </div>
              Why?<br>
            </div>
            <div>Perhaps I missed something in openssl manual ... :(<br>
            </div>
            These differenced gave me troubles using custom certificates
            in some software.<br>
          </div>
          Any suggestion?<br>
        </div>
      </div>
    </blockquote>
    <br></span>
    The output from openssl req includes an additional layer of encoding
    and the rsaEncryption OID around the actual key parameters, as can
    be seen using openssl asn1parse.  The conversion with 'openssl rsa'
    removes that extra encoding.<br>
    <br>
    -Ben<br>
  </div>

</blockquote></div><br></div></div>