If you need SSL certificates in ECC (elliptic curve cryptography) format, this will mostly fail while applying for the certificate. So far a certificate with ECC is only supported by a few operating systems, with OpenSSL this is already possible. It is important to note that the generation deviates from the normal procedure and cannot be carried out in one step. This means that the key must first be generated followed by the CSR.


The private key is generated as follows:

openssl ecparam -out yourdomain.key -name prime256v1 -genkey

The following command can be used to generate the CSR:

openssl req -new -sha256 -key yourdomain.key -nodes -out yourdomain.csr

As usual, OpenSSL then queries the data of the certificate to be filled:

Country Name (2 letter code) []: (e.g. DE for Germany)

State or Province Name (full name) [Some-State]: (enter your state here)

Locality Name (eg, city) []: (enter the location here)

Organization name (eg, company) []: (Enter the organization name here)

Organizational Unit Name (eg, section) []: (here you can enter the department e.g. IT department)

Common Name (eg, YOUR name) []: (enter the domain name to be certified here)

Email Address []: (please leave blank)

and generates the CSR with which you can then order.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.