OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Time Stamp requests, generation and verification
OpenSSL Commands:
How to generate a new private key and Certificate Signing Request
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
How to generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
How to generate a certificate signing request (CSR) for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
How to generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
How to remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
How to a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in CSR.csr
How to check a private key
openssl rsa -in privateKey.key -check
How to check a certificate
openssl x509 -in certificate.crt -text -noout
How to check CA certificate
openssl verify -CAfile <ca-bundle.crt> <certificate.crt>
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in keyStore.p12
How to convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
How to convert a PEM file to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
How to convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
How to convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
How to generate DH parameter
openssl dhparam -dsaparam -out dhparam.pem 4096
Warning: count(): Parameter must be an array or an object that implements Countable in /home/vhosts/howtolinuxblog.orgfree.com/wp-includes/class-wp-comment-query.php on line 399
MOST COMMENTED
Uncategorized
Ubuntu 16.04 No desktop only shows background wallpaper
Administration / DNS / Linux
Dig command examples
Virtualization
OpenVz(Kernel Base Open source Virtulization)
Uncategorized
Install Ansible on Linux
Puppet
Configuring puppet4 server agent and puppetdb on ubuntu16.04
Database
Installing postgresql on ubuntu 16.04
Puppet
opensource puppet4 installation on ubuntu16.04