

This shows you the differences between two versions of the page.

linux_wiki:openssl [2015/03/09 22:57]
linux_wiki:openssl [2019/05/25 23:50]
Line 1: Line 1:
-====== OpenSSL ====== 
-**General Information** 
-Openssl is a tool to perform many certificate related tasks such as creating a CSR, verifying certs+keys, and converting formats. 
-  * Distros: All 
-===== Certificate Encoding ===== 
-  * Privacy Enhanced Mail (PEM) - One of the most common certificate encodings. ASCII format. 
-<code bash> 
------END PRIVATE KEY----- 
-  * PKCS #7 B (P7B) - Represents a set of certificates. (IE a certificate chain) 
-  * PKCS #12/PFX/P12 - Lets you put a private key and certificate into a single file. 
-  * Distinguished Encoding Rules (DER) - Binary format most commonly used to represent certificates. 
-===== Common Extensions ===== 
-  * .crt - Used for certificates, commonly on *nix systems. 
-  * .cer - Used for certificates, commonly on Windows. 
-  * .key - Public/private pkcs keys, encoded as binary DER or ASCII PEM. 
-===== Generate Certificate Signing Requests ===== 
-====New Private Key and CSR==== 
-<code bash> 
-openssl req -out MYSITE.csr -new -newkey rsa:2048 -nodes -keyout MYSITE.key 
-====New CSR for an Existing Private Key==== 
-<code bash> 
-openssl req -out MYSITE.csr -key MYSITE.key -new 
-====CSR Based On Existing Certificate==== 
-<code bash> 
-openssl x509 -x509toreq -in MYSITE.crt -out MYSITE.csr -signkey MYSITE.key 
-===== Certificate Conversions ===== 
-====Convert binary DER to PEM==== 
-<code bash> 
-openssl x509 -inform der -in MYSITE.cer -out MYSITE.pem 
-====Convert PEM to DER==== 
-<code bash> 
-openssl x509 -outform der -in MYSITE.pem -out MYSITE.der 
-====Convert PKCS#12(.pfx, .p12) that has a private key and certs to PEM==== 
-<code bash> 
-openssl pkcs12 -in MYSITE-KEYSTORE.pfx -out MYSITE.pem -nodes 
-====Create crt/key from a PFX file==== 
-<code bash> 
-openssl pkcs12 -in mysite.pfx -nocerts -out mysite.key.pem 
-openssl rsa -in mysite.key.pem -out mysite.key 
-openssl pkcs12 -in mysite.pfx -clcerts -nokeys -out mysite.crt 
-=====Cert+Key Matching===== 
-Openssl can be used to very that a certificate and key match. 
-Compare both to ensure they match 
-<code bash> 
-openssl x509 -noout -text -in mysite.crt 
-openssl rsa -noout -text -in mysite.key 
-Similar method, but running output through md5 hash for a shorter comparison 
-<code bash> 
-openssl x509 -noout -text -in mysite.crt | openssl md5 
-openssl rsa -noout -text -in mysite.key | openssl md5 
-=====Displaying Certificate Contents===== 
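Review bot: In the removed Cert+Key Matching section, the md5 comparison can never report a match, because `openssl x509 -noout -text` and `openssl rsa -noout -text` print different structures (certificate fields versus private key components), so the two hashes differ even for a correct pair. If this content is being moved rather than dropped, carry it over with `-modulus` in place of `-text` on both commands, so that the digests are equal when the RSA key belongs to the certificate. As shown, the hunk contains only removed lines and no added ones, so the 2019/05/25 revision leaves nothing under these headings; confirm the material has a new home before it goes.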
  • linux_wiki/openssl.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)