OpenSSL: Difference between revisions

From Chorke Wiki
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Manipulation ==
== Manipulation ==
=== Generate ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# generate a new private key and certificate signing request
# generate a new private key and certificate signing request
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \
-keyout chorke.key
-keyout chorke.key
#generate certificate using csr & key
openssl x509 -req -in chorke.csr -signkey chorke.key \
-out chorke.crt


#generate a self-signed certificate  
#generate a self-signed certificate  
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
-keyout privateKey.key -out certificate.crt
-keyout chorke.key -out chorke.crt
</syntaxhighlight>
</syntaxhighlight>


=== Check/Verify ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# check a certificate signing request(csr)
# check a certificate signing request(csr)
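Review bot: In the Generate block, the self-signed command now writes to `chorke.key` and `chorke.crt` (previously `privateKey.key` and `certificate.crt`), the same files the two commands above it produce, so running the block top to bottom replaces the key that `chorke.csr` was created for and the CSR no longer matches the key on disk. Keep distinct output names for the one-step variant, or say in its comment that it is an alternative to the first two commands. The added `openssl x509 -req -in chorke.csr -signkey chorke.key` line also has no `-days`, so that certificate gets the 30-day default while the command below it uses `-days 365`; make the two consistent. Both `req` commands use `-nodes`, so the comments should mention that the private key is written unencrypted.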
Line 21: Line 27:


# check a pkcs#12 file (.pfx or .p12)
# check a pkcs#12 file (.pfx or .p12)
openssl pkcs12 -info -in chorke.p12
# openssl pkcs12 -info -in chorke.p12
openssl pkcs12 -info -nokeys -passin \
pass:password -in  chorke.pfx
</syntaxhighlight>
 
=== Debug ===
<syntaxhighlight lang="bash">
# check an MD5 hash of the public key
openssl x509 -noout -modulus -in chorke.crt | openssl md5
openssl rsa  -noout -modulus -in chorke.key | openssl md5
openssl req  -noout -modulus -in chorke.csr | openssl md5
 
# check an ssl connection. all the certs including Intermediates
openssl s_client -connect api.chorke.org:5443/soap/services
</syntaxhighlight>
 
=== Conversion ===
<syntaxhighlight lang="bash">
openssl x509 -inform  der -in chorke.cer -out chorke.pem
openssl x509 -outform der -in chorke.pem -out chorke.der
 
# openssl pkcs12 -nodes -in chorke.pfx -out chorke.pem
# above pattern not working password might be required
openssl pkcs12 -nodes -passin pass:password \
-in chorke.pfx -out chorke.pem
 
# convert private key to pkcs#12 file (.pfx or .p12)
openssl pkcs12 -export -out chorke.pfx -inkey chorke.key \
-in chorke.crt -certfile rootca.crt
</syntaxhighlight>
</syntaxhighlight>


== References ==
== References ==
{|
| valign="top" |
* [https://stackoverflow.com/questions/49124091 Create csr, key, crt and import crt, rootca, subca into jks]
* [https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html Create and Install an Apache Self Signed Certificate]
* [https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/ Convert a *.pfx or *.p12 to a seperate *.key or *.crt]
* [https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html import a public SSL certificate into a JVM]
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggezy/index.html Configuring Java CAPS for SSL Support]
* [https://stackoverflow.com/questions/6482484 How to use .key and .crt file in java?]
* [https://www.sslshopper.com/article-most-common-openssl-commands.html Common Most OpenSSL Commands]
* [https://www.sslshopper.com/article-most-common-openssl-commands.html Common Most OpenSSL Commands]
* [https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html import a public SSL certificate into a JVM]
* [https://stackoverflow.com/questions/7064087 How to convert .csr to .cer?]
* [https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html Create and Install an Apache Self Signed Certificate]
* [[Bastion SSH Tunneling]]
* [https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs OpenSSL Essentials]
 
| valign="top" |
* [[SSH Port Forwarding]]
 
| valign="top" |
 
 
|}
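Review bot: In the new Debug block, `openssl s_client -connect api.chorke.org:5443/soap/services` passes a URL path to `-connect`, which takes only `host:port`, and without `-showcerts` only the leaf certificate is dumped in full, not the intermediates the comment mentions; suggest `-connect api.chorke.org:5443 -showcerts`. The `-passin pass:password` arguments added in Check/Verify and Conversion put the password on the command line, where it ends up in shell history and the process list; the `env:` or `file:` password sources avoid that. The `openssl pkcs12 -nodes ... -out chorke.pem` conversion writes the private key unencrypted, which its comment should state. The "MD5 hash of the public key" comment would be clearer if it said that the three modulus hashes are meant to be compared with each other.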

Latest revision as of 01:47, 29 October 2024

Manipulation

Generate

# generate a new private key and certificate signing request
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \
-keyout chorke.key

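# generate a self-signed certificate from the csr & key
# (no -days given, so openssl applies its default validity of 30 days)
openssl x509 -req -in chorke.csr -signkey chorke.key \
-out chorke.crt

# generate a self-signed certificate and a new key in one step
# (overwrites chorke.key and chorke.crt from the commands above;
# -nodes leaves the private key unencrypted)
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
-keyout chorke.key -out chorke.crt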

Check/Verify

# check a certificate signing request(csr)
openssl req -text -noout -verify -in chorke.csr

# check a private key
openssl rsa -check -in chorke.key

# check a certificate
openssl x509 -text -noout -in chorke.crt

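# check a pkcs#12 file (.pfx or .p12)
# openssl pkcs12 -info -in chorke.p12
# note: pass:password is visible in the process list and shell history;
# -passin also accepts env:VAR and file:PATH
openssl pkcs12 -info -nokeys -passin \
pass:password -in chorke.pfx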

Debug

# compare the MD5 hash of the RSA modulus (the public key): the three
# values are identical when the certificate, key and csr belong together
openssl x509 -noout -modulus -in chorke.crt | openssl md5
openssl rsa  -noout -modulus -in chorke.key | openssl md5
openssl req  -noout -modulus -in chorke.csr | openssl md5

# check an ssl connection and show all the certs, including intermediates
# (-connect takes host:port only, not a URL path)
openssl s_client -connect api.chorke.org:5443 -showcerts
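
The modulus comparison above only applies to RSA keys. As an added example (not part of the wiki page), the same match check can be done on the SHA-256 of the public key; the function names, the `example.test` subject and the `a.*`/`other.key` file names are assumptions made for this sketch.

```bash
#!/bin/sh
# Added example, not from the wiki page. Compares the SHA-256 of the
# DER-encoded public key, so it works for EC keys as well as RSA.

# pubkey_fp TYPE FILE -> prints the fingerprint; TYPE is key, csr or crt
pubkey_fp() {
  case "$1" in
    key) fp_pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr) fp_pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    crt) fp_pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)   return 2 ;;
  esac
  [ -n "$fp_pem" ] || return 1   # unreadable file or wrong TYPE for it
  printf '%s\n' "$fp_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KEY CSR CRT -> exit status 0 only when all three match
same_keypair() {
  fp_k=$(pubkey_fp key "$1") || return 1
  fp_r=$(pubkey_fp csr "$2") || return 1
  fp_c=$(pubkey_fp crt "$3") || return 1
  [ "$fp_k" = "$fp_r" ] && [ "$fp_k" = "$fp_c" ]
}

# make_samples DIR -> constructed throwaway material (placeholder subject)
make_samples() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$1/a.key" -out "$1/a.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/a.csr" -signkey "$1/a.key" -days 1 \
    -out "$1/a.crt" 2>/dev/null &&
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$1/other.key" 2>/dev/null   # unrelated EC key for the mismatch case
}

# demo: a.key/a.csr/a.crt belong together, other.key does not
demo_dir=$(mktemp -d) && make_samples "$demo_dir" && {
  same_keypair "$demo_dir/a.key" "$demo_dir/a.csr" "$demo_dir/a.crt" \
    && echo "a.key, a.csr, a.crt: match"
  same_keypair "$demo_dir/other.key" "$demo_dir/a.csr" "$demo_dir/a.crt" \
    || echo "other.key vs a.csr, a.crt: MISMATCH"
  rm -rf "$demo_dir"
}
```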

Conversion

# convert a der-encoded certificate to pem, and pem back to der
openssl x509 -inform  der -in chorke.cer -out chorke.pem
openssl x509 -outform der -in chorke.pem -out chorke.der

# openssl pkcs12 -nodes -in chorke.pfx -out chorke.pem
# the pattern above did not work; a password may be required
# (-nodes writes the private key into chorke.pem unencrypted)
openssl pkcs12 -nodes -passin pass:password \
-in chorke.pfx -out chorke.pem

# bundle the private key, certificate and root CA into a pkcs#12 file (.pfx or .p12)
openssl pkcs12 -export -out chorke.pfx -inkey chorke.key \
-in chorke.crt -certfile rootca.crt

References