-
-
Save danimad/596f91e945f4b313172c39e86c1b95e2 to your computer and use it in GitHub Desktop.
Handy OpenSSL command-line combinations I've used - they might've been hard to find or come up with, so capturing them here.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| if _%1_==__ goto USAGE | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/CN=My Cert Name" | |
| openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem -passout pass:%1 | |
| openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer | |
| openssl pkcs12 -in mycert.pfx -nodes -passin pass:%1 | openssl x509 -noout -fingerprint | |
| openssl x509 -in mycert.pem -noout -fingerprint | |
| openssl x509 -in mycert.pem -noout -subject | |
| openssl x509 -in mycert.pem -noout -text | grep "RSA Public Key" | |
| goto END | |
| :USAGE | |
| echo %0 password-for-private-key | |
| :END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## create certificates with same key set in PKCS #12 (.pfx), X.509 (.pem), and CER (.cer) formats. | |
| ## PKCS #12 (.pfx) and X.509 (.pem) certificates will have private keys. | |
| ## show thumbprints and subjects. | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/CN=My Cert Name" | |
| openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem | |
| openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer | |
| # show thumbprint (perhaps to match it with Windows Azure portal) | |
| openssl x509 -in mycert.pem -noout -fingerprint | |
| # credit: http://stackoverflow.com/a/15520543/306430 | |
| openssl pkcs12 -in mycert.pfx -nodes | openssl x509 -noout -fingerprint | |
| # show CN Subject (perhaps to match it with NAME displayed in Windows Azure Portal) | |
| openssl x509 -in mycert.pem -noout -subject | |
| # show key length (1024, 2048, etc.) (perhaps to make sure it is strong, but not too strong - 1024 good?) | |
| openssl x509 -in mycert.pem -noout -text | grep "RSA Public Key" | |
| ## create Windows Azure Management Certificate | |
| # - create pem file for use on Mac or Linux | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem | |
| # - same as above, but also assign the Subject Name, which is used as cert name in Windows Azure Portal | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -subj "/O=My Cert Name" | |
| # - same as above, except set Common Name rather than Organization | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -subj "/CN=My Cert Name" | |
| # - same as above, but BOTH -keyout and -out are directed at same file | |
| openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/O=My Cert Name" | |
| # - derive cer file for upload to Windows Azure | |
| openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer | |
| ## credit: http://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl | |
| # PEM => PFX | |
| openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem | |
| # PFX => PEM (keep cert chain) | |
| openssl pkcs12 -in file.pfx -out file.pem -nodes | |
| ## SSL | |
| pkcs12 -in client_ssl.pfx -out client_ssl.pem -clcerts | |
| pkcs12 -in client_ssl.pfx -out root.pem -cacerts | |
| # - or - (via Tim L - save private key to text file with .key extension) | |
| openssl pkcs12 –export –in foo.crt –inkey foo.key –out foo.pfx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment