When it comes to security-related tasks, like generating keys, CSRs, certificates, calculating digests, debugging TLS connections and other tasks related to PKI and HTTPS, you’d most likely end up using the OpenSSL tool.

OpenSSL includes tonnes of features covering a broad range of use cases, and it’s difficult to remember its syntax for all of them and quite easy to get lost. man pages are not so helpful here, so often we just Google “openssl how to” or look for some kind of “openssl cheatsheet” to recall the usage of a command and see examples.

This post is my personal collection of openssl command snippets and examples, grouped by use case.

Here is a list of use cases that I’ll be covering:

Create certificate signing requests (CSR).
Calculate message digests and base64 encoding.
TLS client to connect to a remote server.
Measure TLS connection and handshake time.
Convert between encoding (PEM, DER) and container formats (PKCS12, PKCS7).
Manually check certificate revocation status from OCSP responder.

Surely, this is not a complete list, but it covers the most common use cases and includes those I’ve been working with. For example, I skip encryption and decryption, or using openssl for CA management.

In the commands below, replace <bits> with the key size (for example, 2048, 4096, 8192).

Print the modulus of an RSA key:

    openssl rsa -in example.key -noout -modulus

Generate new RSA key and encrypt with a pass phrase based on AES CBC 256 encryption:

    openssl genrsa -aes256 -out example.key

Check your private key. If the key has a pass phrase, you’ll be prompted for it:

Remove the pass phrase from a private key:

    openssl rsa -in example.key -out example.key

Encrypt existing private key with a pass phrase:

    openssl rsa -des3 -in example.key -out example_with_pass.key

Generate an EC private key. <curve> is to be replaced with: prime256v1, secp384r1, secp521r1, or any other supported elliptic curve:

    openssl ecparam -genkey -name <curve> | openssl ec -out example.ec.key

Print the EC key in text form:

    openssl ec -in example.ec.key -text -noout

List available EC curves, that OpenSSL library supports:

Generate DH parameters:

    openssl dhparam -out dhparams.pem

Create certificate signing requests (CSR)

In the commands below, replace <digest> with the name of the supported hash function: md5, sha1, sha224, sha256, sha384 or sha512, etc. It’s better to avoid weak functions like md5 and sha1, and stick to sha256 and above.

Create a CSR from an existing private key:

    openssl req -new -key example.key -out example.csr -<digest>

Create a CSR and a private key without a pass phrase in a single command:

    openssl req -nodes -newkey rsa:<bits> -keyout example.key -out example.csr

Provide CSR subject info on a command line, rather than through interactive prompt:

    openssl req -nodes -newkey rsa:<bits> -keyout example.key -out example.csr -subj "/C=UA/ST=Kharkov/L=Kharkov/O=Super Secure Company/OU=IT Department/CN="

Create a CSR from existing certificate and private key:

    openssl x509 -x509toreq -in cert.pem -out example.csr -signkey example.key
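The advice above about avoiding md5 and sha1 when creating a CSR can be enforced with a small check before a request is sent to a CA. The script below is an added example, not part of the original post; the function names, the demo subject and the temporary file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a CSR's signature digest.
# Function names, the subject and the temp paths are constructed for the demo.

# Print the CSR's signature algorithm, e.g. "sha256WithRSAEncryption".
csr_sig_alg() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed (return 0) when the algorithm name is built on md5 or sha1.
# RSA-PSS keeps its digest in parameters and is not covered here.
is_weak_sig_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *md5*|*sha1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Gate: 0 = acceptable digest, 1 = weak digest, 2 = CSR could not be read.
check_csr() {
    alg=$(csr_sig_alg "$1")
    if [ -z "$alg" ]; then
        echo "ERROR $1: no signature algorithm found" >&2
        return 2
    fi
    if is_weak_sig_alg "$alg"; then
        echo "REJECT $1: $alg"
        return 1
    fi
    echo "OK $1: $alg"
}

# Demo: create a throwaway key and a sha256 CSR, then run the gate on it.
demo() {
    dir=$(mktemp -d) || return 2
    openssl req -nodes -newkey rsa:2048 -sha256 \
        -keyout "$dir/example.key" -out "$dir/example.csr" \
        -subj "/O=Constructed Demo/CN=csr-lint.example" 2>/dev/null
    check_csr "$dir/example.csr"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo
```

check_csr returns 1 for a weak digest, so it can stop a CI job or a signing script before the request leaves the machine.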