OpenSSL cheatsheet
Basics
- Show help by certificate format
-
$ openssl x509 --help $ openssl pkcs12 --help $ openssl req --help
Info
- Display certificate info
$ openssl x509 -text -noout -in cert.pem- Display brief info for domain certificate
$ openssl s_client -connect imn1.xyz:443 -brief- Display extensive info for domain certificate
$ openssl s_client -connect imn1.xyz:443- Display certificate expiry date
$ openssl x509 -enddate -noout -in cert.pem
Unpacking
- Cert from pkcs12
$ openssl pkcs12 -nodes -in domena.cz.pfx -out cert.crt- Key from pkcs12
$ openssl pkcs12 -nodes -in domena.cz.pfx -nocerts -out key.key
Generating
- Generate key with a password
$ openssl genrsa -out private.key 2048- Generate CSR (certificate request)
$ openssl req -newkey rsa:2048 -keyout private.key -out request.csr- Remove password from key
$ openssl rsa -in private.key -out private_without_passphrase.key- Add password to the key
$ openssl rsa -in private_without_passphrase.key -out private.key -des3
Comparing
- Compare modulus of key and
-
$ openssl x509 -noout -modulus -in file.cert $ openssl rsa -noout -modulus -in file.key