Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@npodonnell

npodonnell/openssl_X509_cheatsheet.md

Last active July 31, 2020 17:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save npodonnell/2ad7af24ad1f81aaf56fc1c35b0a1be8 to your computer and use it in GitHub Desktop.
Save npodonnell/2ad7af24ad1f81aaf56fc1c35b0a1be8 to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSL X.509 Cheatsheet
Raw
openssl_X509_cheatsheet.md

OpenSSL X.509 Cheatsheet

N. P. O'Donnell, 2020

Creating Keys

Create 2048-bit RSA key:

openssl genrsa -out example.com.key 2048

Create 4096-bit RSA key with AES-128 encrypted passphrase:

openssl genrsa -aes128 -out example.com.key 4096

EC Keys

List available curves:

openssl ecparam -list_curves

Create an EC key with the secp256k1 curve:

openssl ecparam -name secp256k1 -param_enc explicit -genkey -out example.com.key

Creating CSR

Create a CSR:

openssl req -new -key example.com.key -out example.com.csr

Signing

Self-sign a cert with 1-year validity:

openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt

Decoding

Decode a CSR:

openssl req -in example.com.csr -noout -text

Decode an X.509 Certificate:

openssl x509 -in example.com.crt -text

Removing Passphrase

Remove a passphrase from a key:

openssl rsa -in example.com.key -out example.com.key.dec

Conversion

Convert cert from DER to PEM:

openssl x509 -inform DER -outform PEM -text -in example.com.der -out example.com.pem

Convert cert from PEM to DER:

openssl x509 -inform PEM -outform DER -text -in example.com.pem -out example.com.der
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment