-
Notifications
You must be signed in to change notification settings - Fork 1
Frequently required OpenSSL commands
Mayuresh Kadu edited this page May 22, 2017
·
1 revision
A collection of OpenSSL command and scripts that I often use. Worth pointing out that most of these are based on ingenious examples found across the forums and blog posts. I am just arranging them here in a order that works for me.
- .crt = most commonly used for Certificate
- .key = usually private (but some times) key of PKCS8 encoding. Mostly encrypted
All details
openssl x509 -in certificate.crt -noout -text | less
view specific details (E.g. subject/ issuer/ start-dates)
openssl x509 -in certificate.crt -noout -subject -issuer -dates
View details a DER encoded certificate (Default: PEM)
openssl x509 -in certificate.crt -inform der -noout -subject -issuer -dates
When the key is unencrypted
openssl rsa -in myunecrypted.key -noout -text
openssl rsa -in myunecrypted.key -noout -modulus
When the key is encrypted with the password 'password123'
openssl rsa -in myunecrypted.key -noout -text -passin pass:password123
openssl rsa -in myunecrypted.key -noout -modulus -passin pass:password123
openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in server.crt | openssl md5
produces certificate-chain.{0..}.pem
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "certificate-chain." c ".pem"}' < certificate-chain.crt
alternatively, the following will produce bar{nn} files
csplit -k -f bar -z test-server-psn-ca.crt '/END CERTIFICATE/+1' {*}
generates file named "unencrypted.key"
openssl x509 -in encrypted.pem -out unencrypted.key -passin pass:password123