What OpenSSL command will generate a certificate signing request (CSR) using the private key file privkey.pem?

• A. openssl req -key privkey.pem -out cert.csr
• B. openssl req -new -key privkey.pem -out cert.csr
• C. openssl gencsr -key privkey.pem -out cert.csr
• D. openssl gencsr -new -key privkey.pem -out cert.csr

Answer: (B)

The command that generates a certificate signing request (CSR) using a private key file is correctly identified as the one that includes the -new option. The -new flag specifically indicates that you are creating a new CSR, which is essential for the command to perform its intended function.

When using OpenSSL to create a CSR, you need to provide a private key as an input with the -key option and specify the output file for the CSR with the -out option. By including the -new flag, it confirms the intention to create a new request rather than perform a different action.

The other commands either lack the necessary -new option or use incorrect command syntax that is not designed for generating a CSR. This makes the command with the -new option the appropriate choice when working with OpenSSL to generate a CSR with an existing private key.