Cheat sheet for commonly used OpenSSL commands.

openssl-cheatsheet.md

View CSR [1]

openssl req -in [file.csr] -noout -text

View CRT [1]

openssl x509 -in [certificate.crt] -text -noout

View PFX/P12 [1]

openssl pkcs12 -info -in [cert.pfx]

UTF-8 characters in PFX/P12 passwords

openssl pkcs12 -info -in [STAR_example_org.pfx] -passin file:[password.txt]

PFX to KEY & CRT [2]

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

CSR to CRT (self-signed)

openssl x509 -req -days 730 -in [www_example_org.csr] -signkey [www_example_org.key] -out [www_example_org.crt]

CRT & KEY to PFX [3]

openssl pkcs12 -export -out [domain.name.pfx] -inkey [domain.name.key] -in [domain.name.crt]

Also adding the cert-chain: openssl pkcs12 -export -out [domain.name.pfx] -inkey [domain.name.key] -in [intermediate/root.crt] -in [domain.name.crt]

CRT & KEY to PEM

https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files

Remove password from KEY [4]

openssl rsa -in [file1.key] -out [file2.key]

• [1] https://www.sslshopper.com/article-most-common-openssl-commands.html
• [2] https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/
• [3] https://stackoverflow.com/questions/6307886/how-to-create-pfx-file-from-certificate-and-private-key
• [4] https://knowledge.digicert.com/solution/SO5292.html