Common OpenSSL commands

1. Create a new self-signed certificate and private key using RSA:
openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout example.key \
-out example.crt -subj "/C=US/ST=Chicago/L=Town/O=Example Inc/CN=example.com"

2. Generate a CSR and private key:
openssl req -new -nodes -newkey rsa:2048 -keyout example.key -out example.csr \
-subj "/C=OM/ST=Muscat/L=Muscat/O=MyOrg/OU=IT/CN=example.com"

3. Generate a self-signed certificate or a public key from an existing private key:
i) openssl req -x509 -new -nodes -days 1825 -key example.key \
-out example.pem -subj "/C=IN/O=IBM/CN=example.com"
ii) openssl rsa -in myprivate.key -pubout > mypubkey.pub

4. Display the contents of a certificate:
i) openssl x509 -in /tmp/mycert2.pem -text -noout
ii) openssl x509 -inform der -in /tmp/mycert.cer -text
iii) openssl pkcs12 -in /tmp/mycert.p12 -password pass:passw0rd -nokeys

5. Convert pem to p12 and pfx:
i) openssl pkcs12 -export -out example.p12 -inkey example.key -in example.pem -password pass:passw0rd
ii) openssl pkcs12 -export -out example.pfx -inkey example.key -in example.crt -password pass:passw0rd
iii) openssl pkcs12 -info -in example.p12 -password pass:passw0rd -nokeys

6. Verify server certificate expiry date and accepted client certificates:
i) curl -k -v --cert example.p12 --key example.pem https://example.com
ii) openssl s_client -connect localhost:443 (shows the server certificate chain and the acceptable client certificate CA names)
iii) echo|openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -dates

7. Verify a CSR and private key:
i) openssl req -noout -text -in www_mydomain_com.csr
ii) openssl rsa -in /tmp/mycert.key -check

8. Remove password from a private key:
i) openssl rsa -in mykey.key -out mykey.key

9. Verify that the CSR, private key and certificate match:
i) openssl x509 -noout -modulus -in certificate.crt | openssl md5
ii) openssl rsa -noout -modulus -in privateKey.key | openssl md5
iii) openssl req -noout -modulus -in CSR.csr | openssl md5
P.S. The md5 hash values must be the same for all three commands above.
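
The certificate, private key and CSR comparison above can be scripted. The following is an added example, not part of the original post: it compares the SHA-256 digest of the DER-encoded public key instead of the md5 of the RSA modulus, so it also works for non-RSA keys. The function names and the sample subject are assumptions made for illustration, and the private keys are assumed to be unencrypted.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# sample subject are assumptions; private keys must be unencrypted.

# Print the SHA-256 of the DER-encoded public key held in a file.
# $1 = cert | key | csr, $2 = path. Non-zero return if the file cannot be parsed.
pubkey_digest() {
  local pem
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if certificate ($1), private key ($2) and CSR ($3)
# all carry the same public key. An unreadable file counts as a mismatch.
same_keypair() {
  local c k r
  c=$(pubkey_digest cert "$1") || return 1
  k=$(pubkey_digest key  "$2") || return 1
  r=$(pubkey_digest csr  "$3") || return 1
  [ "$c" = "$k" ] && [ "$k" = "$r" ]
}

# Build constructed sample material in directory $1: a matching
# key/CSR/certificate set plus an unrelated key (other.key).
make_sample_set() {
  openssl req -new -nodes -newkey rsa:2048 -keyout "$1/example.key" \
    -out "$1/example.csr" -subj "/C=US/O=Example Inc/CN=example.com" 2>/dev/null &&
  openssl x509 -req -days 30 -in "$1/example.csr" -signkey "$1/example.key" \
    -out "$1/example.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: ./check_match.sh certificate.crt privateKey.key CSR.csr
if [ "$#" -eq 3 ]; then
  if same_keypair "$@"; then echo "match"; else echo "MISMATCH"; fi
fi
```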

About Ishtiaque

I am an IBM Certified Infrastructure Systems Architect, Linux Foundation Certified System Administrator, Oracle Certified Programmer in Java and Web Component Developer, and TOGAF 9 certified with over 10 years of support and development experience in IBM middleware software and Java. Additionally, I have a sound grip on databases and OpenStack administration. I hold the following certifications: IBM Certified Infrastructure Systems Architect; Linux Foundation Certified System Administrator (LFCS); TOGAF 9 Certified; Oracle Certified Expert, Java EE6 Web Component Developer; Oracle Certified Professional – Java 6 Programmer; ITIL v3 Foundation Certified; IBM Certified Solution Architect – Cloud Computing Infrastructure V1; IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6; IBM Certified System Administrator – WebSphere Application Server V7, V6.1; IBM Certified System Administrator – AIX V7; IBM Certified System Administrator – WebSphere MQ V7; IBM Certified Deployment Professional – Business Process Manager Advanced V7.5; IBM Certified Solution Advisor – Cloud Computing Architecture V3; IBM Certified Solution Developer – WebSphere Portal V5.1.