Cloning a CSR or Cert. for a new CSR with a new key?

Dirk-Willem van Gulik dirkx at
Fri Jan 31 09:39:53 UTC 2020

On 31 Jan 2020, at 01:25, Douglas Morris <dougbmorris at <mailto:dougbmorris at>> wrote:

> Interesting. I think I misunderstood this explanation about the -signkey <file> option: "This option causes the input file to be self signed using the supplied private key."
> Your input has me thinking that a certificate signing request is in fact self-signed like a self-signed certificate is self-signed. I think I mistakenly supposed any self-signing meant acting like a "mini CA". I shall give those two x509 options, '-x509toreq' and '-signkey', a try.

Correct - a CSR is generally signed by the party submitting it - thus proving that he or she has access to their own private key.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list