Common OpenSSL Commands with Keys and Certificates

openssl.md

Common OpenSSL Commands with Keys and Certificates

SSL Info

Generate RSA private key with certificate in a single command

openssl req -x509 -newkey rsa:4096 -sha256 -keyout example.key -out example.crt -subj "/CN=example.com" -days 3650 -passout pass:foobar

Generate Certificate Signing Request (CSR) from private key with passphrase

openssl x509 -x509toreq -in example.crt -out example.csr -signkey example.key -passin pass:foobar

Generate RSA private key (2048 bit)

openssl genrsa -out private.pem 2048

Generate a Certificate Signing Request (CSR)

openssl req -sha256 -new -key private.pem -out csr.pem

Generate RSA private key (2048 bit) and a Certificate Signing Request (CSR) with a single command

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Convert private key to PEM format

openssl rsa -in server.key -outform PEM -out server.pem

Generate a self-signed certificate that is valid for a year with sha256 hash

openssl x509 -req -sha256 -days 365 -in csr.pem -signkey private.pem -out certificate.pem

View details of a RSA private key

openssl rsa -in private.pem -text -noout

View details of a CSR

openssl req -in csr.pem -text -noout

View details of a Certificate

openssl x509 -in certificate.pem -text -noout

View details of a Certificate in DER format

openssl x509 -inform der -in certificate.cer -text -noout

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer

Is there an easy way to create a CSR, using an existing certificate as a template? That would be useful to create a new cert for when the current one expires, for instance.

You looking for something like this: openssl x509 -in domain.crt -signkey domain.key -x509toreq -out domain.csr