Openssl Commands : SSL Certificates

Important Openssl Commands : How to

  • How to find OpenSSL version
openssl version -a
  • How to Create new Private Key and Certificate Signing Request
openssl req -out javaperformance.csr -newkey rsa:2048 -nodes -keyout cgibell.key
  • How to create a Self-Signed Certificate
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout javaperformanceselfsigned.key -out javaperformancecert.pem
  • How to verify CSR file
openssl req -noout -text -in javaperformance.csr
  • How to create RSA Private Key
openssl genrsa -out private.key 2048
  • How to remove Passphrase(password) from Key
openssl rsa -in javaperformance.key -out nopassphrase.key
  • How to verify Private Key
openssl rsa -in certkey.key –check
  • How to verify the Certificate Signer Authority
openssl x509 -in certfile.pem -noout -issuer -issuer_hash
  • How to Check Hash Value of A Certificate
openssl x509 -noout -hash -in javaperformance.pem
  • How to Convert DER to PEM format
openssl x509 –inform der –in sslcert.der –out sslcert.pem
  • How to Convert PEM to DER format
openssl x509 –outform der –in sslcert.pem –out sslcert.der
  • How to Convert Certificate and Private Key to PKCS#12 format
openssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pem
  • How to Create CSR using an existing private key
openssl req –out certificate.csr –key existing.key –new
  • How to Check contents of PKCS12 format cert  – PKCS12 is binary format so you won’t be able to view the content in notepad or another editor.
openssl pkcs12 –info –nodes –in cert.p12
  • How to Convert PKCS12 format to PEM certificate
openssl pkcs12 –in cert.p12 –out cert.pem
  • How to Test SSL certificate of particular URL
openssl s_client -connect javaperformance.co.in:443 –showcerts
  • How to check PEM File Certificate Expiration Date
openssl x509 -noout -in certificate.pem -dates
  • How to check Certificate Expiration Date of SSL URL
openssl s_client -connect javaperformance.co.in:443 2>/dev/null | openssl x509 -noout –enddate

Eg:

openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout –enddate

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s