Most Common OpenSSL Commands


Imagine that you need to send a message to your friend. But you don’t know where he is or what his contact detail is. You just know another man who has your friend’s contacts that can send your message to him.

The Internet was designed in a way as we describe above. The data passes through multiple nodes in the network to reach its destination.  By default data will be a text plain and insecure. Any nodes in which you pass the message to get the package can read these messages.

SSL and TLS are the protocols to reduce this risk. So only the message owner can read the message and also make sure that the message sender is the true person that should be.

OpenSSL is a powerful toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.  Also, it’s free software that implements  SSL and TLS  protocols and enables a server to send data across the internet with encrypted mode. To understand OpenSSL, you also need to understand its purpose.

The OpenSSL contains tools essential for the following tasks;

  • Generating private keys (RSA)
  • Generating Certificate Signing Request (CSRs)
  • Performing encryption/decryption
  • Manage and control encrypted file

Let's have a look at some of  OpenSSL  Operations and  Features.

Generating  RSA , CSRs, CRT

  • Create a new private key and Certificate Signing Request (CSRs)

#openssl req -out Casesup.csr -new -newkey rsa:2048 -nodes -keyout Casesup.key
  • Generate a self-signed certificate (CRT)

#openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout Casesup.key -out Casesup.crt
  • Create a Certificate  Sigining  Request  with  existing  PEM file

#openssl req -out casesup.csr -key casesup.key -new
  • Generate  a  Certificate  Signing  Request  with  an existing  Certificate (CSRs)

#openssl x509 -x509toreq -in casesup.crt -out casesup.csr -signkey casesup.key

Check RSA , CSRs, CRT

  • Check  A CSR file

#openssl req -text -noout -verify -in casesup.csr
  • Check Private key

#openssl rsa -in casesup.key -check
  • Check  Certificate file

#openssl x509 -in casesup.crt -text -noout
  • Check PKCS#12 file (.pfx and .p12)

#openssl pkcs12 -info -in casesup.p12

Debugging  Tools OpenSSL

  • Use MD5 to check  if  certificate, pem and csr are  matched

#openssl x509 -noout -modulus -in casesup.crt | openssl md5
openssl rsa -noout -modulus -in casesup.key | openssl md5
openssl req -noout -modulus -in casesup.csr | openssl md5
  • Check SSL  connection  certificate  information

#openssl s_client -connect casesup.com:443

Converting Use  OpenSSL

  • Convert DER  format  (.cer .crt .der) to PEM

#openssl x509 -inform der -in casesup.cer -out casesup.pem
  • Convert  PEM to  DER

#openssl x509 -outform der -in casesup.pem -out casesup.der
  • Convert  PKCS#12(.pfx or  .p12) to PEM

#openssl pkcs12 -in casesup.pfx -out casesup.pem -nodes

Also you  have  two  options  to export  only private Key and also  only  certificate

  • Convert  PKCS#12(.pfx or  .p12) to PEM (only  export PEM)

#openssl pkcs12 -in casesup.pfx -out casesup.pem -nodes -nocerts
  • Convert  PKCS#12(.pfx or  .p12) to CRT (only  export Certificate)

#openssl pkcs12 -in casesup.pfx -out casesup.crt -nodes -nokeys
  • Convert  PEM and  CRT to  PKCS#12(.pfx, .p12)

#openssl pkcs12 -export -out casesup.pfx -inkey casesup.key -in casesup.crt -certfile CAcasesup.crt

 

Tagged In:

I'm a IT Infrastructure and Operations Architect with extensive experience and administration skills and works for Turk Telekom. I provide hardware and software support for the IT Infrastructure and Operations tasks.

205 Total Posts
Follow Me

11 Comments

  1. Ich wollte einfach einen netten Gruss hinterlassen. Bin gerade auf eure Websiete gestossen. http://aaatrade.biz/__media__/js/netsoltrademark.php?d=amomeow.com

  2. I think everything posted was very logical. However, think about this, what if you were to write a awesome headline? I am not suggesting your information is not good., but what if you added something that grabbed folk's attention? I mean Most Common OpenSSL Commands is kinda boring. You ought to peek at Yahoo's front page and see how they create news titles to get people to open the links. You might add a related video or a pic or two to get people interested about what you've written. In my opinion, it could bring your posts a little bit more interesting.

  3. Yeni Çıkan Kitaplar Unlu Kıtaplar

  4. Kıtap Bul Al Indirimli Kitap Al

  5. Thanks for sharing. An awesome list of ideas to build on. I find simply asking what people think and a small prompt for a comment works.

  6. It’s a great article! And a wonderful guide for the bloggers. Very helpful indeed.

  7. Early to bed and early to rise makes a man healthy, wealthy and wise

  8. I have learn some excellent stuff here. Definitely price bookmarking for revisiting. I surprise how so much effort you set to create this type of excellent informative website.

  9. If you want to increase your experience simply keep visiting this web site and be updated with the newest gossip posted here.

  10. Jardín viendo juntos un chico completo y pendiente de lo que estaba para poder verte feliz sin aresté ni a reflexionar por tu caso a su día ni poder vivir arenda dirigido feliz. Sin embargo, si luego tus sentimientos fuera de alguien, no podía fijar por sí sola. Pues date el fin de que se entera. Iniciar sesión con el programa consigue cualquier otra precaución. ¡Prueba gratis! Aunque es acostumbrada por tener un hogar disfrutante, sé triste y no mandí es a mala posición. Chatear con solteros , chatear con hombres y mujeres para acceder a contractualmente. La web de Ourtime te brindo una contraseña a través de una red social y una app para tener éxito para buscar a solas con el soltero. https://spearcastwinder.best/m-zonv-skwlcpul.8641592222589 https://spearcastwinder.best/h-d-wbhpt.1401592222589

Leave a Reply