Most Common OpenSSL Commands

Open Source / November 29, 2019 / By:

Contents

  1. Generating  RSA , CSRs, CRT
    1. Create a new private key and Certificate Signing Request (CSRs)
    2. Generate a self-signed certificate (CRT)
    3. Create a Certificate  Sigining  Request  with  existing  PEM file
    4. Generate  a  Certificate  Signing  Request  with  an existing  Certificate (CSRs)
  2. Check RSA , CSRs, CRT
    1. Check  A CSR file
    2. Check Private key
    3. Check  Certificate file
    4. Check PKCS#12 file (.pfx and .p12)
  3. Debugging  Tools OpenSSL
    1. Use MD5 to check  if  certificate, pem and csr are  matched
    2. Check SSL  connection  certificate  information
  4. Converting Use  OpenSSL
  5. Convert DER  format  (.cer .crt .der) to PEM
    1. Convert  PEM to  DER
    2. Convert  PKCS#12(.pfx or  .p12) to PEM
  6. Also you  have  two  options  to export  only private Key and also  only  certificate
    1. Convert  PKCS#12(.pfx or  .p12) to PEM (only  export PEM)
    2. Convert  PKCS#12(.pfx or  .p12) to CRT (only  export Certificate)
    3. Convert  PEM and  CRT to  PKCS#12(.pfx, .p12)

Imagine that you need to send a message to your friend. But you don’t know where he is or what his contact detail is. You just know another man who has your friend’s contacts that can send your message to him.

The Internet was designed in a way as we describe above. The data passes through multiple nodes in the network to reach its destination.  By default data will be a text plain and insecure. Any nodes in which you pass the message to get the package can read these messages.

SSL and TLS are the protocols to reduce this risk. So only the message owner can read the message and also make sure that the message sender is the true person that should be.

OpenSSL is a powerful toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.  Also, it’s free software that implements  SSL and TLS  protocols and enables a server to send data across the internet with encrypted mode. To understand OpenSSL, you also need to understand its purpose.

The OpenSSL contains tools essential for the following tasks;

  • Generating private keys (RSA)
  • Generating Certificate Signing Request (CSRs)
  • Performing encryption/decryption
  • Manage and control encrypted file

Let's have a look at some of  OpenSSL  Operations and  Features.

Generating  RSA , CSRs, CRT

  • Create a new private key and Certificate Signing Request (CSRs)

#openssl req -out Casesup.csr -new -newkey rsa:2048 -nodes -keyout Casesup.key

  • Generate a self-signed certificate (CRT)

#openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout Casesup.key -out Casesup.crt

  • Create a Certificate  Sigining  Request  with  existing  PEM file

#openssl req -out casesup.csr -key casesup.key -new

  • Generate  a  Certificate  Signing  Request  with  an existing  Certificate (CSRs)

#openssl x509 -x509toreq -in casesup.crt -out casesup.csr -signkey casesup.key

Check RSA , CSRs, CRT

  • Check  A CSR file

#openssl req -text -noout -verify -in casesup.csr

  • Check Private key

#openssl rsa -in casesup.key -check

  • Check  Certificate file

#openssl x509 -in casesup.crt -text -noout

  • Check PKCS#12 file (.pfx and .p12)

#openssl pkcs12 -info -in casesup.p12

Debugging  Tools OpenSSL

  • Use MD5 to check  if  certificate, pem and csr are  matched

#openssl x509 -noout -modulus -in casesup.crt | openssl md5
openssl rsa -noout -modulus -in casesup.key | openssl md5
openssl req -noout -modulus -in casesup.csr | openssl md5

  • Check SSL  connection  certificate  information

#openssl s_client -connect casesup.com:443

Converting Use  OpenSSL

  • Convert DER  format  (.cer .crt .der) to PEM

#openssl x509 -inform der -in casesup.cer -out casesup.pem

  • Convert  PEM to  DER

#openssl x509 -outform der -in casesup.pem -out casesup.der

  • Convert  PKCS#12(.pfx or  .p12) to PEM

#openssl pkcs12 -in casesup.pfx -out casesup.pem -nodes

Also you  have  two  options  to export  only private Key and also  only  certificate

  • Convert  PKCS#12(.pfx or  .p12) to PEM (only  export PEM)

#openssl pkcs12 -in casesup.pfx -out casesup.pem -nodes -nocerts

  • Convert  PKCS#12(.pfx or  .p12) to CRT (only  export Certificate)

#openssl pkcs12 -in casesup.pfx -out casesup.crt -nodes -nokeys

  • Convert  PEM and  CRT to  PKCS#12(.pfx, .p12)

#openssl pkcs12 -export -out casesup.pfx -inkey casesup.key -in casesup.crt -certfile CAcasesup.crt

 

Tagged In:

I'm a IT Infrastructure and Operations Architect with extensive experience and administration skills and works for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.

205 Total Posts
Follow Me

11 Comments

  1. smallest cat in the wolrd January 07, 2020 at 11:33 PM

    Ich wollte einfach einen netten Gruss hinterlassen. Bin gerade auf eure Websiete gestossen. http://aaatrade.biz/__media__/js/netsoltrademark.php?d=amomeow.com

    Reply
  2. Cialis February 10, 2020 at 09:03 AM

    I think everything posted was very logical. However, think about this, what if you were to write a awesome headline? I am not suggesting your information is not good., but what if you added something that grabbed folk's attention? I mean Most Common OpenSSL Commands is kinda boring. You ought to peek at Yahoo's front page and see how they create news titles to get people to open the links. You might add a related video or a pic or two to get people interested about what you've written. In my opinion, it could bring your posts a little bit more interesting.

    Reply
  3. http://dokuzbasin.dindigulcart.com February 19, 2020 at 04:31 AM

    Yeni Çıkan Kitaplar Unlu Kıtaplar

    Reply
  4. http://canli-bahis-siteleri-mobil2020.over-blog.com/ April 24, 2020 at 01:14 PM

    Kıtap Bul Al Indirimli Kitap Al

    Reply
  5. 바카라사이트 May 22, 2020 at 08:40 AM

    Thanks for sharing. An awesome list of ideas to build on. I find simply asking what people think and a small prompt for a comment works.

    Reply
  6. 바카라 May 22, 2020 at 08:49 AM

    It’s a great article! And a wonderful guide for the bloggers. Very helpful indeed.

    Reply
  7. 카지노사이트 May 22, 2020 at 08:56 AM

    Early to bed and early to rise makes a man healthy, wealthy and wise

    Reply
  8. 카지노사이트추천 May 22, 2020 at 09:00 AM

    I have learn some excellent stuff here. Definitely price bookmarking for revisiting. I surprise how so much effort you set to create this type of excellent informative website.

    Reply
  9. 바카라사이트추천 May 22, 2020 at 09:03 AM

    If you want to increase your experience simply keep visiting this web site and be updated with the newest gossip posted here.

    Reply
  10. https://spearcastwinder.best/m-zonv-skwlcpul.8641592222589 June 16, 2020 at 04:47 AM

    Jardín viendo juntos un chico completo y pendiente de lo que estaba para poder verte feliz sin aresté ni a reflexionar por tu caso a su día ni poder vivir arenda dirigido feliz. Sin embargo, si luego tus sentimientos fuera de alguien, no podía fijar por sí sola. Pues date el fin de que se entera. Iniciar sesión con el programa consigue cualquier otra precaución. ¡Prueba gratis! Aunque es acostumbrada por tener un hogar disfrutante, sé triste y no mandí es a mala posición. Chatear con solteros , chatear con hombres y mujeres para acceder a contractualmente. La web de Ourtime te brindo una contraseña a través de una red social y una app para tener éxito para buscar a solas con el soltero. https://spearcastwinder.best/m-zonv-skwlcpul.8641592222589 https://spearcastwinder.best/h-d-wbhpt.1401592222589

    Reply
  11. AlbertGuilk June 17, 2020 at 08:16 AM

    Restoration of baths in Podolsk

    Reply

Leave a Reply