Skip to content

Instantly share code, notes, and snippets.

@azadkuh
Last active July 15, 2024 17:43
Show Gist options
  • Save azadkuh/8957116 to your computer and use it in GitHub Desktop.
Save azadkuh/8957116 to your computer and use it in GitHub Desktop.
OpenSSL cheat sheet. This is a brief howto for socket programmers.

#OpenSSL cheat sheet This is a brief howto for socket programmers.

create RSA key pairs

ex: 1024bits length key pair:

$> openssl genrsa -out myprivate.pem 1024
$> openssl rsa -in myprivate.pem -pubout -out mypublic.pem

openssl genrsa
openssl rsa

remove passphrase from a key

do:
$> openssl rsa -in myprivate.pem -out mynewprivate.pem

add a passphrase to a key

do: (triple-des)
$> openssl rsa -des3 -in pkey_plain.pem -out pkey.pem

create a self-signed certificate

by a single command: (self-sgined, valid to 1000 days):
$> openssl req -x509 -nodes -days 1000 -newkey rsa:1024 -keyout mykey.pem -out mycert.pem

-nodes creates an unencrypted(plain) key.

openssl req

create a CSR

CSR = certificate signing request

with an existing private key:
$> openssl req -new -key client_pkey.pem -out client.csr
or with a new key:
$> openssl req -new -newkey rsa:1024 -nodes -keyout client_pkey.pem -out client.csr

create a CSR from an existing certificate

$> openssl x509 -x509toreq -in client_cert.pem -signkey client_pkey.pem -out client.csr
openssl x509

sign a CSR by a private key

$> openssl x509 -req -days 365 -signkey myprivate.pem -in client.csr -out client_cert.pem

get details of a certificate

ex:
$> openssl x509 -text -in mycert.pem

verify a certificate

some notes:

  • error 18: a self-signed certificate
  • error 10: certificate is expired!

ex:
$> openssl verify mycert.pem
openssl verify

create a sample server

$> openssl s_server -accept portNum -cert myCert.pem -key myPKey.pem
openssl s_server

connect to a server

  • connect a server:
    $> openssl s_client -showcerts -connect server:portNum

-showcert shows the server's certificate(s).

  • to connect with a client's certificate:
    $> openssl s_client -connect server:portNum -cert myCert.pem -key myPKey.pem

  • to send some data:
    $> openssl s_client -connect server:portNum
    then type in console of client / server.

  • openssl also works as a pipe:
    $> echo "some text!" | openssl s_client ...

openssl s_client

more docs

OpenSSL Command-Line HOWTO

other nice gists:

node.js gist + TLS

yet another gist for TLS + node.js:
source

samat cheat sheet

another quick tips:
wiki.samat.org

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment