OpenSSL: Difference between revisions
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \ | openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \ | ||
-keyout chorke.key | -keyout chorke.key | ||
#generate certificate using csr & key | |||
openssl x509 -req -in chorke.csr -signkey chorke.key \ | |||
-out chorke.crt | |||
#generate a self-signed certificate | #generate a self-signed certificate | ||
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \ | openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \ | ||
-keyout | -keyout chorke.key -out chorke.crt | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 22:44, 5 March 2018
Manipulation
Generate
# generate a new private key and certificate signing request
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \
-keyout chorke.key
#generate certificate using csr & key
openssl x509 -req -in chorke.csr -signkey chorke.key \
-out chorke.crt
#generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
-keyout chorke.key -out chorke.crt
Check/Verify
# check a certificate signing request(csr)
openssl req -text -noout -verify -in chorke.csr
# check a private key
openssl rsa -check -in chorke.key
# check a certificate
openssl x509 -text -noout -in chorke.crt
# check a pkcs#12 file (.pfx or .p12)
# openssl pkcs12 -info -in chorke.p12
openssl pkcs12 -info -nokeys -passin \
pass:password -in chorke.pfx
Debug
# check an MD5 hash of the public key
openssl x509 -noout -modulus -in chorke.crt | openssl md5
openssl rsa -noout -modulus -in chorke.key | openssl md5
openssl req -noout -modulus -in chorke.csr | openssl md5
# check an ssl connection. all the certs including Intermediates
openssl s_client -connect api.chorke.org:5443/soap/services
Conversion
openssl x509 -inform der -in chorke.cer -out chorke.pem
openssl x509 -outform der -in chorke.pem -out chorke.der
# openssl pkcs12 -nodes -in chorke.pfx -out chorke.pem
# above pattern not working password might be required
openssl pkcs12 -nodes -passin pass:password \
-in chorke.pfx -out chorke.pem
# convert private key to pkcs#12 file (.pfx or .p12)
openssl pkcs12 -export -out chorke.pfx -inkey chorke.key \
-in chorke.crt -certfile rootca.crt
References
- Common Most OpenSSL Commands
- import a public SSL certificate into a JVM
- Create and Install an Apache Self Signed Certificate
- Convert a *.pfx or *.p12 to a seperate *.key or *.crt
- Configuring Java CAPS for SSL Support
- How to use .key and .crt file in java?
- How to convert .csr to .cer?
- OpenSSL Essentials