Openssl
openssl
Basic Commands
Print details of certificate
1
|
openssl x509 -text -noout -in certificate.crt
|
Print details of certirficate remotely
1
|
openssl s_client -connect example.com:443
|
Print details of CSR
1
|
openssl req -text -noout -in certificate.csr
|
Check key size
1
|
openssl rsa -text -noout -in certificate.key
|
Conversions
Convert PKCS12 to PEM (pfx IIS format
1
2
3
|
openssl pkcs12 -in filename.pfx -nocerts -out key.passwd
openssl rsa -in key.passwd -out key
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out crt
|
Convert PEM to PKCS12 (pfx IIS format)
1
2
|
openssl pkcs12 -export -out certificate.pfx -inkey
_.belugaventures.net.key -in certificate.crt -certfile intermediate.crt
|
Self Signed Certificates
- Generate an 1024 bit RSA key that is 3DES encrypted.
1
|
openssl genrsa -des3 -out server.key.passwd 2048
|
- Take the 3DES encrypted RSA key and make a non encrypted one.
1
|
openssl rsa -in server.key.passwd -out server.key
|
1&2) Combined #1 and #2 in one command
1
|
openssl genrsa -out server.key 2048
|
- Generate a signing request (CSR) from your key.
1
|
openssl req -new -key server.key -out server.csr
|
- Sign your CSR to create a self signed certificate.
1
|
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
|
- Create a PKCS12 version of the key.
1
2
|
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
openssl pkcs12 -export -in server.crt -inkey server.key -certfile gd_bundle.crt -out server.p12
|