Last active
February 6, 2018 16:53
-
-
Save Fake51/17e30f9e9383e292b67c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # verify that certificate and chain will work | |
| openssl verify -verbose -purpose sslserver -CAfile <file containing both root and intermediates> <file containing signed cert> | |
| # verify that private key and certificate match - compare output | |
| openssl x509 -noout -modulus -in server.crt | openssl md5 | |
| openssl rsa -noout -modulus -in server.key | openssl md5 | |
| # connect to web server and verify certificate | |
| openssl s_client -connect example.com:443 -CApath /etc/ssl/certs/ | |
| # connect to smtp server and verify certificate and TLS option | |
| openssl s_client -connect example.com:25 -starttls smtp -CApath /etc/ssl/certs/ | |
| # encrypt private key for SSL certificate | |
| openssl rsa -des3 -in unencrypted.key -out encrypted.key | |
| # decrypt private key for SSL certificate | |
| openssl rsa -in unencrypted.key -out encrypted.key | |
| # encrypt file | |
| openssl enc -e -in unencrypted.file -out encrypted.file -aes-256-cbc -salt -md sha256 | |
| # decrypt file | |
| openssl enc -d -in encrypted.file -out unencrypted.file -aes-256-cbc -md sha256 | |
| # Generate a new private key and Certificate Signing Request | |
| openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment