In the past I have created my certificates as follows: /etc/pki/tls/misc/CA -newca
openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem /etc/pki/tls/misc/CA -sign The /etc/pki/tls/misc/CA script has a -newreq option. $REQ -new -keyout newkey.pem -out newreq.pem $DAYS. This appears to put the key and the certificate in different files. The command I use appears to put the key and the certificate in a single file. What are the advantages and disadvantages of each approach? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org