A list of OpenSSL commands for checking and verifying your keys

openssl

Install

Install OpenSSL on Debian-based systems

sudo apt-get install openssl

Commands

Create a private key

openssl genrsa -out server.key 4096

Generate a new private key and certificate signing request

openssl req -out server.csr -new -newkey rsa:4096 -nodes -keyout server.key

Generate a self-signed certificate

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt

Generate a certificate signing request (CSR) for an existing private key

openssl req -out server.csr -key server.key -new

Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in server.crt -out server.csr -signkey server.key

Remove a passphrase from a private key

openssl rsa -in server.pem -out newserver.pem

Parse a list of revoked serial numbers

openssl crl -inform DER -text -noout -in list.crl

Check a certificate signing request (CSR)

openssl req -text -noout -verify -in server.csr

Check a private key

openssl rsa -in server.key -check

Check a public key

openssl rsa -inform PEM -pubin -in pub.key -text -noout
openssl pkey -inform PEM -pubin -in pub.key -text -noout

Check a certificate

openssl x509 -in server.crt -text -noout
openssl x509 -in server.cer -text -noout

Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in server.p12

Verify a private key matches a certificate and CSR (all three digests must be identical)

openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
openssl req -noout -modulus -in server.csr | openssl md5
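
Added example (not part of the original gist): the modulus comparison above only works for RSA keys, and when a file fails to parse the pipeline hashes empty output, so two unreadable files produce identical digests. This sketch compares SHA-256 digests of the DER-encoded public key instead, which also covers EC keys, and stops on parse errors. The helper names `pub_digest` and `same_keypair` are hypothetical.

```shell
#!/bin/sh
# Added example: compare the public key inside a private key, certificate and CSR.
# pub_digest and same_keypair are hypothetical helper names.

# pub_digest KIND FILE -> SHA-256 of the DER-encoded public key (KIND: key|crt|csr)
pub_digest() (
    der=$(mktemp) || exit 1
    case "$1" in
        key) openssl pkey -in "$2" -pubout -outform DER -out "$der" ;;
        crt) openssl x509 -in "$2" -noout -pubkey |
                 openssl pkey -pubin -outform DER -out "$der" ;;
        csr) openssl req -in "$2" -noout -pubkey |
                 openssl pkey -pubin -outform DER -out "$der" ;;
        *)   false ;;
    esac 2>/dev/null && [ -s "$der" ] || { rm -f "$der"; exit 1; }
    # Fail closed above: never hash empty output from a failed parse.
    openssl dgst -sha256 < "$der" | awk '{print $NF}'
    rm -f "$der"
)

# same_keypair KEY FILE... -> 0 if every cert/CSR carries KEY's public key,
# 1 on mismatch, 2 if a file cannot be parsed. *.csr is read as a CSR.
same_keypair() (
    want=$(pub_digest key "$1") || { echo "cannot read key: $1" >&2; exit 2; }
    shift
    for f in "$@"; do
        case "$f" in *.csr) kind=csr ;; *) kind=crt ;; esac
        got=$(pub_digest "$kind" "$f") || { echo "cannot parse: $f" >&2; exit 2; }
        [ "$got" = "$want" ] || { echo "MISMATCH: $f" >&2; exit 1; }
    done
    echo "match: $want"
)

# Usage: sh check.sh server.key server.crt server.csr
if [ "$#" -gt 0 ]; then same_keypair "$@"; fi
```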

Display all certificates including intermediates

openssl s_client -showcerts -connect www.paypal.com:443

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in server.cer -out server.pem

Convert a PEM file to DER

openssl x509 -outform der -in server.pem -out server.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in server.pfx -out server.pem -nodes

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -certfile CACert.crt

Generate Diffie-Hellman parameters

openssl dhparam -out dhparam.pem 2048

endermetin60 May 22, 2018

<script src="https://gist.github.com/webtobesocial/5313b0d7abc25e06c2d78f8b767d4bc3.js"></script>

rustymagnet3000 Jul 6, 2018

Do you know how to check a hex-formatted public key?

For example, if you extract the public key from a cert in hex format:

openssl x509 -modulus -noout < stackexchangecom.crt | sed s/Modulus=//

lolgear Jul 31, 2018

@webtobesocial

It would be nice to extend this list by:

  • openssl req utility with -subj flag.
  • openssl pkcs12 output with -passout flag.
