The command is the same as we used in the RSA example above, but -newkey RSA:2048 has been replaced with -newkey ec:ECPARAM.pem. Now, specify your parameter file when generating the CSR: openssl req -newkey ec:ECPARAM.pem -keyout PRIVATEKEY.key -out MYCSR.csr -out ECPARAM.pem provides a path and filename for the parameter file.If you prefer a 384-bit curve, change the portion after the colon to P-384. -pkeyopt ec_paramgen_curve:P-256 chooses a 256-bit curve.
-algorithm ec specifies an elliptic curve algorithm.You could also generate a private key, but using the parameter file when generating the key and CSR ensures that you will be prompted for a pass phrase. -genparam generates a parameter file instead of a private key.openssl genpkey runs openssl’s utility for private key generation.This OpenSSL command will generate a parameter file for a 256-bit ECDSA key: openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out ECPARAM.pem To create an ECDSA private key with your CSR, you need to invoke a second OpenSSL utility to generate the parameters for the ECDSA key. You will not receive any notification that your CSR was successfully created.
Upon completion of this process, you will be returned to a command prompt.