@aldegoeij
Last active March 25, 2020 11:31
Often used and forgotten OpenSSL Commands

OpenSSL and SSH commands:

Adding password to an existing SSH key

ssh-keygen -p -f {file_name}

Generating SSL key-set (private & csr) (RSA 2048-bit SHA2)

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout private.keyfile -out signing_req.csr

Adding a password to an existing SSL key (AES256 encryption). Remember to delete the unencrypted keyfile afterwards.

openssl rsa -aes256 -in private.keyfile -out private_encrypted.keyfile

Protect the private key with chmod

chmod -R 400 private.keyfile

If you are wise, create a protected directory for keys:

mkdir -p ~/keys
chmod -R 750 ~/keys

Of course, you can be stricter than 750 (for example, 700 removes group access entirely).

Remove password from existing SSL key

openssl rsa -in private_encrypted.keyfile -out private.keyfile

Generate fresh SSL Certificate Signing Request (CSR) from existing private key

openssl req -new -key private.keyfile -out signing_req.csr

Check if a public key matches a private key

Compare the MD5 hash of the modulus from the certificate and from the private key: if the hashes are identical, the two belong together. The -modulus option applies to RSA keys.

Public Key:

openssl x509 -noout -modulus -in public.crt | openssl md5

Private Key:

openssl rsa -noout -modulus -in private.keyfile | openssl md5

If you also want to check the CSR:

openssl req -noout -modulus -in signing_req.csr | openssl md5
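
The comparison above as a script, added here as an example (it is not part of the original gist). It uses SHA-256 in place of MD5 and fails closed when a file cannot be parsed, since piping a failed openssl command into a hash gives the same empty-input digest on both sides. The function names and the `example.test` subject are assumptions.

```shell
#!/bin/sh
# Added example: check that a certificate, an RSA private key and an optional CSR share one modulus.

# Print a SHA-256 digest of the RSA modulus. $1 = x509 | rsa | req, $2 = file.
# Returns 1 if the file cannot be parsed or the output is not a hex modulus.
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    case $mod in
        Modulus=*[!0-9A-Fa-f]*) return 1 ;;   # e.g. a non-RSA key
        Modulus=?*) printf '%s' "$mod" | openssl sha256 ;;
        *) return 1 ;;                        # empty output must never compare as equal
    esac
}

# keys_match CERT KEY [CSR]: 0 = all match, 1 = mismatch, 2 = a file was unreadable.
keys_match() {
    cert_d=$(modulus_digest x509 "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    key_d=$(modulus_digest rsa "$2") || { echo "cannot read private key: $2" >&2; return 2; }
    [ "$cert_d" = "$key_d" ] || return 1
    if [ -n "${3:-}" ]; then
        csr_d=$(modulus_digest req "$3") || { echo "cannot read CSR: $3" >&2; return 2; }
        [ "$csr_d" = "$key_d" ] || return 1
    fi
    return 0
}

# Constructed sample input: throwaway key, self-signed cert, CSR and an unrelated key in $1.
make_demo_files() {
    openssl req -x509 -utf8 -nodes -sha256 -newkey rsa:2048 -days 1 -subj "/CN=example.test" \
        -keyout "$1/private.keyfile" -out "$1/public.crt" 2>/dev/null &&
    openssl req -new -key "$1/private.keyfile" -subj "/CN=example.test" \
        -out "$1/signing_req.csr" 2>/dev/null &&
    openssl genrsa -out "$1/other.keyfile" 2048 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_files "$demo_dir"
keys_match "$demo_dir/public.crt" "$demo_dir/private.keyfile" "$demo_dir/signing_req.csr" \
    && echo "certificate, key and CSR match"
keys_match "$demo_dir/public.crt" "$demo_dir/other.keyfile" \
    || echo "unrelated key rejected"
rm -rf "$demo_dir"
```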

--

Free to use, more to come.