Skip to content

Instantly share code, notes, and snippets.

@awaismirza
Last active February 28, 2024 18:12
Show Gist options
  • Save awaismirza/37222a5aedb6acbad8c54d837112c56e to your computer and use it in GitHub Desktop.
Save awaismirza/37222a5aedb6acbad8c54d837112c56e to your computer and use it in GitHub Desktop.
OpenSSL cheatsheet

OpenSsl Cheat Sheet

Generate Key

We can use openssl Command-line utility to generate private key which will be used for generating certificate Signing Request and Certificate.

openssl genpkey -out server.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-128-cbc

You can name your key whatever you like for example key.pem | key.key | sample.hello doesn’t matter what you name the key but the general convention is to use .pem extension.

Generate Certificate Signing Request

CSR Configuration File

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
C = AU
ST = Victoria
L = Melbourne
O = awaisjamil
OU = integration
CN = www.awaisjamil.com
emailAddress = awais@awaisjamil.com

[ext]
subjectAltName = DNS:www.anz.com,DNS:anz.com

Generate CSR

openssl req -new -config ssl.cnf -key server.key -out server.csr

Generate Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Generate Client Key and Certificate

Use thse same steps to generate client key and certificate.

openssl genpkey -out client.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-128-cbc
openssl req -new -config ssl.cnf -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -signkey client.key -out client.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment