How to create an RSA private key using `openssl genrsa`?

openssl genrsa -out root.key


I do not encrypt it because I will use this key only to build a certificates chain of trust for my workstation.

To encrypt the key, you can add the -des3 option:

-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea
These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument.