Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:openssl [2016/12/02 11:16] billdozor |
linux_wiki:openssl [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 35: | Line 35: | ||
====== Generate Certificate Signing Requests ====== | ====== Generate Certificate Signing Requests ====== | ||
+ | Generating certificate signing requests to send to a certificate authority. | ||
+ | |||
+ | \\ | ||
===== New Private Key and CSR ===== | ===== New Private Key and CSR ===== | ||
<code bash> | <code bash> | ||
Line 40: | Line 43: | ||
</ | </ | ||
+ | \\ | ||
===== New CSR for an Existing Private Key ===== | ===== New CSR for an Existing Private Key ===== | ||
<code bash> | <code bash> | ||
Line 45: | Line 49: | ||
</ | </ | ||
+ | \\ | ||
===== CSR Based On Existing Certificate ===== | ===== CSR Based On Existing Certificate ===== | ||
<code bash> | <code bash> | ||
openssl x509 -x509toreq -in MYSITE.crt -signkey MYSITE.key -out MYSITE.csr | openssl x509 -x509toreq -in MYSITE.crt -signkey MYSITE.key -out MYSITE.csr | ||
</ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Self-Signed Certificates ====== | ||
+ | |||
+ | Self-signed certificates are for development/ | ||
+ | |||
+ | \\ | ||
+ | ===== Generate Self-Signed ===== | ||
+ | |||
+ | Generate a self-signed cert and private key from scratch | ||
+ | <code bash> | ||
+ | |||
+ | \\ | ||
+ | ===== Generate Self-Signed from Existing Private Key ===== | ||
+ | |||
+ | Generate a self-signed cert from an existing private key | ||
+ | <code bash> | ||
+ | |||
+ | \\ | ||
+ | ===== Generate Self-Signed from Existing Private Key and CSR ===== | ||
+ | |||
+ | Generate a self-signed cert from an existing private key and existing CSR | ||
+ | <code bash> | ||
---- | ---- | ||
Line 54: | Line 83: | ||
====== Certificate Conversions ====== | ====== Certificate Conversions ====== | ||
+ | Converting certificates from one type to another. | ||
+ | |||
+ | \\ | ||
+ | ===== Extract Cert, Key, CA from PFX ===== | ||
+ | * Extract Key<code bash> | ||
+ | * Extract Certificate< | ||
+ | * Extract Certificate Authority< | ||
+ | |||
+ | \\ | ||
===== Convert binary DER to PEM ===== | ===== Convert binary DER to PEM ===== | ||
<code bash> | <code bash> | ||
Line 59: | Line 97: | ||
</ | </ | ||
+ | \\ | ||
===== Convert PEM to DER ===== | ===== Convert PEM to DER ===== | ||
<code bash> | <code bash> | ||
Line 64: | Line 103: | ||
</ | </ | ||
+ | \\ | ||
===== Convert PKCS# | ===== Convert PKCS# | ||
<code bash> | <code bash> | ||
Line 69: | Line 109: | ||
</ | </ | ||
+ | \\ | ||
===== Create crt/key from a PFX file ===== | ===== Create crt/key from a PFX file ===== | ||
<code bash> | <code bash> | ||
Line 76: | Line 117: | ||
</ | </ | ||
+ | \\ | ||
===== Create client crt and intermediate chain cert from .p7b(PKCS7) ===== | ===== Create client crt and intermediate chain cert from .p7b(PKCS7) ===== | ||
Line 96: | Line 138: | ||
Openssl can be used to very that a certificate and key match. | Openssl can be used to very that a certificate and key match. | ||
+ | \\ | ||
Compare to ensure they match | Compare to ensure they match | ||
<code bash> | <code bash> | ||
Line 102: | Line 145: | ||
</ | </ | ||
+ | \\ | ||
Similar method, but running output through md5 hash for a shorter comparison | Similar method, but running output through md5 hash for a shorter comparison | ||
<code bash> | <code bash> | ||
Line 117: | Line 161: | ||
</ | </ | ||
+ | \\ | ||
Display CSR Contents | Display CSR Contents | ||
<code bash> | <code bash> | ||
Line 131: | Line 176: | ||
</ | </ | ||
+ | \\ | ||
Remotely check a site's certificate and fingerprint it | Remotely check a site's certificate and fingerprint it | ||
<code bash> | <code bash> |