@dgersting
Last active June 7, 2017 07:23
SSL cheatsheet
OpenSSL modules:
- genrsa
Generate an RSA private key
https://www.openssl.org/docs/apps/genrsa.html
- req
PKCS#10 certificate request and certificate generating utility.
https://www.openssl.org/docs/apps/req.html
- x509
Certificate display and signing utility
https://www.openssl.org/docs/apps/x509.html
-----------------------------------------
# Generate both key & signing request at once
openssl req -newkey rsa:2048 [-nodes] -keyout key.pem -out csr.pem
# Generate RSA key
openssl genrsa [-aes128|-aes256|-des3] -out FILE.key KEY_SIZE
# Remove passphrase from key
openssl rsa -in key.pem -out key.pem
# Create csr
openssl req -new -key FILE.key -out FILE.csr
# Create self-signed crt
openssl req -x509 -new -days DAYS -key FILE.key -out FILE.crt
# Sign a csr
openssl x509 -req -days DAYS -in FILE.csr -CA CA.crt -CAkey CA.key [-CAcreateserial] -out SITE.crt
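# -or-, with the CA key and certificate in one file
openssl x509 -req -days DAYS -CA CA_CERT -in FILE.csr -out FILE.crt
# CA_CERT = combined key & crt for the CA (`cat ca.key ca.crt > ca.cert`);
# when -CAkey is omitted, the CA private key is read from the -CA file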
-----------------------------------------
# View cert signing request
openssl req -noout -text -in FILE.csr
# View cert
openssl x509 -noout -text -in FILE.crt
# View cert purpose
openssl x509 -purpose -in FILE.crt
# View cert revocation list
openssl crl -noout -text -in FILE.crl
-----------------------------------------
Chained certificate file ordering: Local -> Global (site certificate first, then each intermediate CA certificate, root CA last)
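-----------------------------------------
An added end-to-end run of the commands above (not part of the original gist): it creates a throwaway CA, signs a site CSR, then checks that the key matches the certificate, that the certificate verifies against the CA, and that the chain file starts with the site certificate. The function names, file names, subjects and 30-day lifetime are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the gist): throwaway CA -> signed site cert -> checks.
# File names, subjects (Demo CA, site.example) and the 30-day lifetime are
# constructed sample values.

# Build a CA, a site key + CSR, sign the CSR, and assemble the chain file.
make_demo_pki() {
    ( umask 077                      # private keys readable by owner only
      mkdir -p "$1" && cd "$1" &&
      # CA: RSA key, then self-signed certificate
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -x509 -new -days 30 -key ca.key -subj "/CN=Demo CA" -out ca.crt &&
      # Site: key and CSR at once; -nodes leaves the key unencrypted
      openssl req -newkey rsa:2048 -nodes -keyout site.key \
          -subj "/CN=site.example" -out site.csr 2>/dev/null &&
      # Sign the CSR with the CA
      openssl x509 -req -days 30 -in site.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out site.crt 2>/dev/null &&
      # Chain file ordering: site certificate first, CA certificate after it
      cat site.crt ca.crt > chain.pem )
}

# Succeeds only if the private key and the certificate carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) &&
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if the site certificate verifies against the CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the subject of the first certificate in a chain file.
chain_first_subject() {
    openssl x509 -noout -subject -in "$1"
}

# Run the whole flow in a temporary directory, then clean up.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    key_matches_cert "$demo/site.key" "$demo/site.crt" &&
    cert_chains_to_ca "$demo/ca.crt" "$demo/site.crt" &&
    chain_first_subject "$demo/chain.pem"
rm -rf "$demo"
```

The modulus comparison is RSA-specific, matching the RSA keys used throughout this cheatsheet.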