Created
April 27, 2017 14:53
-
-
Save inqueue/564735142c00fa7e33d5639a72c91845 to your computer and use it in GitHub Desktop.
openssl commands that will help you in a pinch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Checking and verification ### | |
# Check a certificate signing requested | |
openssl req -text -noout -verify -in node_sign_request.csr | |
# Check a private key | |
openssl rsa -in node.key -check | |
# Check a certificate | |
openssl x509 -in node.crt -text -noout | |
# Check a PKCS12 file | |
openssl pkcs12 -info -in keyStore.p12 | |
# Check match CA certificate subject, issuer against node certificate | |
openssl x509 -in ca.cert.pem -noout -subject -issuer | |
openssl x509 -in node.cert.pem -noout -issuer -isser | |
# Verify node certificate against CA | |
openssl verify -CAfile ca.cert.pem node.cert.pem | |
# Verify intermediate certificate against CA | |
openssl verify -CAfile ca.cert.pem intermediate.crt | |
# Verfiy node certificate against intermediate and root CA | |
openssl verify -CAfile ca.cert.pem -untrusted intermediate.crt node.cert.pem | |
### Other commands ### | |
# Generate new private key and CSR | |
openssl req -out node_sign_request.csr -new -newkey rsa:4096 -nodes -keyout node.key | |
# Generate a self-signed certificate | |
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout node.key -out node.crt | |
# Generate a CSR for an existing private key | |
openssl req -out node_sign_request.csr -key node.key -new | |
# Generate a CSR based on an existing certificate (renewal) | |
openssl x509 -x509toreq -in node.crt -out node_sign_request.csr -signkey node.key | |
# Remove passphrase from a private key | |
openssl rsa -in node.key -out node_no_passphrase.key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment