Common OpenSSL commands

1. Create a new private key and self-signed certificate (which carries the public key) using RSA:

  • openssl req -x509 -nodes -days 1825 -newkey rsa:1024 -keyout /tmp/mycert.key -out /tmp/mycert.pem -subj "/C=US/O=IBM/CN=mycert"

2. Generate a self-signed certificate or a public key from an existing private key:

  • openssl req -x509 -new -nodes -days 1825 -key /tmp/mycert.key -out /tmp/mycert2.pem -subj "/C=IN/O=IBM/CN=mycert2"
  • openssl rsa -in myprivate.key -pubout > mypubkey.pub

3. List the contents of a self-signed certificate:

  • openssl x509 -in /tmp/mycert2.pem -text -noout
  • openssl x509 -inform der -in /tmp/mycert.cer -text
  • openssl pkcs12 -in /tmp/mycert.p12 -password pass:passw0rd -nokeys

4. Convert pem to p12 and pfx:

  • openssl pkcs12 -export -out /tmp/mycert.p12 -inkey /tmp/mycert.key -in /tmp/mycert.pem -password pass:passw0rd
  • openssl pkcs12 -export -out /tmp/mycert.pfx -inkey /tmp/mycert.key -in /tmp/mycert.crt -password pass:passw0rd
  • openssl pkcs12 -info -in /tmp/mycert.p12 -password pass:passw0rd -nokeys

5. Verify server certificate:

  • curl -k -v --cert /tmp/mycert.pem --key /tmp/mycert.key https://myhost
  • openssl s_client -connect localhost:443 (Verify all accepted certificates)
  • echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -dates (Verify certificate expiry date)

6. Generate a CSR and private key:

  • openssl req -new -newkey rsa:2048 -nodes -out www_mydomain_com.csr -keyout www_mydomain_com.key -subj "/C=OM/ST=Muscat/L=Muscat/O=MyOrg/OU=IT/CN=www.mydomain.com"

7. Verify a CSR and private key:

  • openssl req -noout -text -in www_mydomain_com.csr
  • openssl rsa -in /tmp/mycert.key -check

8. Verify that the CSR, private key and certificate belong together. If the MD5 hash values are the same for the following commands, then the files are compatible:

  • openssl x509 -noout -modulus -in certificate.crt | openssl md5
  • openssl rsa -noout -modulus -in privateKey.key | openssl md5
  • openssl req -noout -modulus -in CSR.csr | openssl md5
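
The comparison from step 8 as a reusable check, added here as an example that is not part of the original post. Instead of the RSA modulus and MD5 it hashes the whole public key with SHA-256, so it also works for non-RSA keys, and it treats an unreadable file as an error rather than letting two empty outputs hash to the same value. The helper names (pubkey_fp, files_match, make_samples) and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). pubkey_fp, files_match and
# make_samples are hypothetical helper names; all sample files are constructed.

# Print the SHA-256 of the public key held in a cert, private key or CSR.
pubkey_fp() {   # usage: pubkey_fp cert|key|csr FILE
    case "$1" in
        cert) pub=$(openssl x509 -noout -pubkey -in "$2" 2>/dev/null) ;;
        key)  pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) ;;
        csr)  pub=$(openssl req -noout -pubkey -in "$2" 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable file must be an error, not the hash of empty input.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if CERT, KEY and the optional CSR share one public key,
# 1 on a mismatch, 2 if a file cannot be parsed.
files_match() { # usage: files_match CERT KEY [CSR]
    c=$(pubkey_fp cert "$1") || return 2
    k=$(pubkey_fp key "$2") || return 2
    [ "$c" = "$k" ] || return 1
    if [ -n "${3:-}" ]; then
        r=$(pubkey_fp csr "$3") || return 2
        [ "$c" = "$r" ] || return 1
    fi
    return 0
}

# Build constructed samples in DIR: a matching RSA key/CSR/cert (a.*)
# and an unrelated EC key (b.key) that must not match.
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/a.key" -out "$1/a.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/a.csr" -signkey "$1/a.key" \
        -out "$1/a.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/b.key" 2>/dev/null
}

# When called with file arguments, run the check on them.
if [ "$#" -ge 2 ]; then files_match "$@"; fi
```

Run it as `sh check.sh certificate.crt privateKey.key CSR.csr` and read the exit status: 0 for a match, 1 for a mismatch, 2 for a file that could not be parsed.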

About Ishtiaque

I am an IBM Certified Infrastructure Systems Architect, TOGAF 9 Certified, ITIL V3 Foundation certified and Oracle Certified Expert in Java Web Component Developer with over 10 years of support and development experience in IBM middleware software and Java. Additionally, I have a sound grip on databases, Linux and OpenStack administration. I hold the following certifications: IBM Certified Infrastructure Systems Architect; TOGAF 9 Certified; Oracle Certified Expert, Java EE6 Web Component Developer; Oracle Certified Professional – Java 6 Programmer; ITIL v3 Foundation Certified; IBM Certified Solution Architect – Cloud Computing Infrastructure V1; IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6; IBM Certified System Administrator – WebSphere Application Server V7, V6.1; IBM Certified System Administrator – AIX V7; IBM Certified System Administrator – WebSphere MQ V7; IBM Certified Deployment Professional – Business Process Manager Advanced V7.5; IBM Certified Solution Advisor – Cloud Computing Architecture V3; IBM Certified Solution Developer – WebSphere Portal V5.1.