I have command that generates PRIVATE KEY in client.key file. But I need RSA PRIVATE KEY. How to achieve that?
openssl req -new -newkey rsa:2048 -keyout client.key -out client.csr -config openssl.cnf -reqexts v3_client_req -nodes -subj "/C=US/ST=California/L=Hawthorne/O=PhilNet/CN=Client/"
DUPE but noticed after I had answered: How to convert a private key to an RSA private key?
do openssl rsa -in client.key -out client.old.key. If you want the old-format file encrypted see the man page or help message for a list of options (like -aes128 or -des3), although since you requested unencrypted on the command giving the new-format (PKCS8) file I'm guessing that's what you want for the old-format file. Plus the old-format encryption uses a much weaker PBKDF than new-format (PKCS8) does; there are numerous existing Qs on multiple stacks about that.
alternatively, instead of generating the key in the req -new command, generate it separately:
openssl genrsa -out client.key 2048 # old command uses old-format keyfile
# can add option to encrypt old-format file, similar to above
openssl req -new -key client.key -out client.csr -config ....
(not recommended) use an old OpenSSL version: 0.9.x, current before 2010 and still supported until 2015, defaulted the output from req -new[key] to old-format (even though OpenSSL supported PCKS8 since about 2000).
