Skip to content

Instantly share code, notes, and snippets.

@trasherdk
Forked from NoMan2000/openssl.md
Created December 14, 2018 01:52
Show Gist options
  • Save trasherdk/d679aeb348dd0d1d3c24ff835181c957 to your computer and use it in GitHub Desktop.
Save trasherdk/d679aeb348dd0d1d3c24ff835181c957 to your computer and use it in GitHub Desktop.
Common OpenSSL Commands with Keys and Certificates

Common OpenSSL Commands with Keys and Certificates

SSL Info

Generate RSA private key with certificate in a single command

openssl req -x509 -newkey rsa:4096 -sha256 -keyout example.key -out example.crt -subj "/CN=example.com" -days 3650 -passout pass:foobar

Generate Certificate Signing Request (CSR) from private key with passphrase

openssl x509 -x509toreq -in example.crt -out example.csr -signkey example.key -passin pass:foobar

Generate RSA private key (2048 bit)

openssl genrsa -out private.pem 2048

Generate a Certificate Signing Request (CSR)

openssl req -sha256 -new -key private.pem -out csr.pem

Generate RSA private key (2048 bit) and a Certificate Signing Request (CSR) with a single command

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Convert private key to PEM format

openssl rsa -in server.key -outform PEM -out server.pem

Generate a self-signed certificate that is valid for a year with sha256 hash

openssl x509 -req -sha256 -days 365 -in csr.pem -signkey private.pem -out certificate.pem

View details of a RSA private key

openssl rsa -in private.pem -text -noout

View details of a CSR

openssl req -in csr.pem -text -noout

View details of a Certificate

openssl x509 -in certificate.pem -text -noout

View details of a Certificate in DER format

openssl x509 -inform der -in certificate.cer -text -noout

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment