Skip to content

Instantly share code, notes, and snippets.

@zhiguangwang

zhiguangwang/openssl.md

Last active December 6, 2021 03:37
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
  • Save zhiguangwang/7555cf13e15d64a5e0f3 to your computer and use it in GitHub Desktop.
Save zhiguangwang/7555cf13e15d64a5e0f3 to your computer and use it in GitHub Desktop.
Download ZIP
Common OpenSSL Commands with Keys and Certificates
Raw
openssl.md

Common OpenSSL Commands with Keys and Certificates

Generate RSA private key (2048 bit)

openssl genrsa -out private.pem 2048

Generate a Certificate Signing Request (CSR)

openssl req -sha256 -new -key private.pem -out csr.pem

Generate RSA private key (2048 bit) and a Certificate Signing Request (CSR) with a single command

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Convert private key to PEM format

openssl rsa -in server.key -outform PEM -out server.pem

Generate a self-signed certificate that is valid for a year with sha256 hash

openssl x509 -req -sha256 -days 365 -in csr.pem -signkey private.pem -out certificate.pem

View details of a RSA private key

openssl rsa -in private.pem -text -noout

View details of a CSR

openssl req -in csr.pem -text -noout

View details of a Certificate

openssl x509 -in certificate.pem -text -noout

View details of a Certificate in DER format

openssl x509 -inform der -in certificate.cer -text -noout

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer
@zhiguangwang
Copy link
Author

To get a public key for SSH purposes, use ssh-keygen:

ssh-keygen -y -f key.pem > key.pub

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment