Skip to content

Instantly share code, notes, and snippets.

@JadedEvan

JadedEvan/HOWTO-openssl.md

Last active March 1, 2017 21:39
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save JadedEvan/9d134f14672a5ca80dd3 to your computer and use it in GitHub Desktop.
Save JadedEvan/9d134f14672a5ca80dd3 to your computer and use it in GitHub Desktop.
Download ZIP
Various openssl commands
Raw
HOWTO-openssl.md

Self Signed Certificate

Generate a new RSA key of 4096 bits. Adding the -des3 (or any other cipher) requires that the key have a password issued:

openssl genrsa -out server.key 2048

Generate a new CSR (Certificate Signed Request)

openssl req -new -key server.key -out server.csr

Generate a new SSL certificate using the CSR and the keyfile:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Optional remove the password from a key

openssl rsa -in server.key.org -out server.key  (remove passphrase from key)

For issuing certificates

Generate a key, create a CSR

$ openssl genrsa -out chirpify.key 2048
$ openssl req -new -key server.key -out server.csr

Miscellaneous

Verify a certificate by comparing the MD5 signatures of the modulus for the key and the certificate. They should be identical.

openssl x509 -noout -modulus -in STAR_chirpify_com.crt | openssl md5

Same for private key

openssl rsa -noout -modulus -in chirpify.key | openssl md5

See https://kb.wisc.edu/middleware/page.php?id=4064 for more

Extract the public part of an SSL RSA key

openssl rsa -in ~/.ssh/staging.pem -out staging.pub -outform PEM -pubout
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment