Openssl

openssl

Basic Commands

Print details of certificate

1
openssl x509 -text -noout -in certificate.crt

Print details of certirficate remotely

1
openssl s_client -connect example.com:443

Print details of CSR

1
 openssl req -text -noout -in certificate.csr

Check key size

1
 openssl rsa -text -noout -in certificate.key

Conversions

Convert PKCS12 to PEM (pfx IIS format

1
2
3
openssl pkcs12 -in filename.pfx -nocerts -out key.passwd
openssl rsa -in key.passwd -out key
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out crt

Convert PEM to PKCS12 (pfx IIS format)

1
2
openssl pkcs12 -export -out certificate.pfx -inkey
_.belugaventures.net.key -in certificate.crt -certfile intermediate.crt

Self Signed Certificates

  1. Generate an 1024 bit RSA key that is 3DES encrypted.
1
openssl genrsa -des3 -out server.key.passwd 2048
  1. Take the 3DES encrypted RSA key and make a non encrypted one.
1
openssl rsa -in server.key.passwd -out server.key

1&2) Combined #1 and #2 in one command

1
openssl genrsa -out server.key 2048
  1. Generate a signing request (CSR) from your key.
1
openssl req -new -key server.key -out server.csr
  1. Sign your CSR to create a self signed certificate.
1
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  1. Create a PKCS12 version of the key.
1
2
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
openssl pkcs12 -export -in server.crt -inkey server.key -certfile gd_bundle.crt -out server.p12