openssl req not working, error is "req: Use -help for summary."

von Oheimb, David david.von.oheimb at siemens.com
Tue Sep 20 10:49:52 UTC 2022


Dear Sergio,

please use a to-the-point email subject, not "openssl-users Digest, Vol 94, Issue 24".

You just made a small mistake with the below command:
after the "-subj" option its "/" (which denotes the empty Distinguished Name) is missing, or any other DN string,
and thus the subsequent "-addext" gets misinterpreted.

Unfortunately, the "openssl" CLI command so far did not provide a useful error message in such cases,
but some time ago I improved this. So with the current master version, the hint given is slightly better:


req: Extra option: "subjectKeyIdentifier=hash"
req: Use -help for summary.

and this will be available with OpenSSL 3.1.

BTW, if you want a validity period of exactly 100 years, you need to take into account 24 leap days/years,
so better use "-days 36524" than "-days 36500".

Best,
David


On Tue, 2022-09-20 at 09:30 +0000, A Z wrote:
Dear OpenSSL Users and Programmers,

I tried running the following command in Windows 64 bit Home edition,
and got the error:

>openssl req -nodes -newkey rsa:4096 -keyout pkey.pem -x509 -out cert.pem -days 36500 -subj -addext "subjectKeyIdentifier=hash"

req: Use -help for summary.

>openssl version

OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)

In the email bundle reply, this line is suggested to generate a private key and a PEM certificate.  How can I get this to run on
the Windows 10 64 bit, even when in Administrator mode?

Sergio Minervini.
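
The corrected invocation described in the reply above, as an added example that is not part of the original thread: it passes "/" to -subj, uses -days 36524, and then checks the resulting certificate. It assumes a POSIX shell with OpenSSL 1.1.1 or later on PATH (needed for -addext); the function names and the output directory argument are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1 or later on PATH.
# File names, key size and options are the ones used in the thread.

# make_cert DIR: create pkey.pem and cert.pem in DIR with the corrected command.
make_cert() {
    # -subj takes a value; "/" denotes the empty Distinguished Name. Without it,
    # "-addext" is consumed as the subject and its argument is left over as an
    # extra option, which is what triggers "req: Use -help for summary."
    openssl req -nodes -newkey rsa:4096 -keyout "$1/pkey.pem" \
        -x509 -out "$1/cert.pem" -days 36524 \
        -subj "/" -addext "subjectKeyIdentifier=hash"
}

# has_ski FILE: succeed if the certificate carries a Subject Key Identifier.
has_ski() {
    openssl x509 -in "$1" -noout -text | grep -q "X509v3 Subject Key Identifier"
}

# end_year FILE: print the four-digit year of the certificate's notAfter date.
end_year() {
    # -enddate prints a line such as "notAfter=Sep 20 10:49:52 2122 GMT".
    openssl x509 -in "$1" -noout -enddate | awk '{ print $4 }'
}

# Run as: sh mkcert.sh OUTDIR (does nothing when no directory is given).
if [ -n "${1:-}" ]; then
    make_cert "$1" && has_ski "$1/cert.pem" &&
        echo "certificate valid until year $(end_year "$1/cert.pem")"
fi
```

With -days 36524 the notAfter year comes out exactly 100 years after the year of issue.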
