1. Create key + CSR (-nodes leaves the key unencrypted):
$> openssl req -new -nodes -keyout server.key -out server.csr -newkey rsa:4096
2. Create key only:
$> openssl genrsa -des3 -out server.key.crypted 4096
3. Remove password from key:
$> openssl rsa -in server.key.crypted -out server.key
4. Generate CSR
$> openssl req -new -key server.key -out server.csr
5. Self generated certificate
$> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
6. View the details of CSR
$> openssl req -noout -text -in server.csr
7. Check a Certificate Signing Request (CSR)
$> openssl req -text -noout -verify -in CSR.csr
8. Check a private key
$> openssl rsa -in privateKey.key -check
9. Check a certificate
$> openssl x509 -in certificate.crt -text -noout
10. Check a PKCS#12 file (.pfx or .p12)
$> openssl pkcs12 -info -in keyStore.p12
11. Convert .crt to .pfx for IIS server
$> openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
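Steps 7 to 9 check each file on its own; before installing or exporting a certificate it also helps to confirm that the key, CSR and certificate carry the same public key and that the certificate is not about to expire. The script below is an added example, not part of the original post; the function names, the rsa:2048 size and the /CN=example.test subject are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): do key, CSR and cert belong together?

# Print the SHA-256 of the DER public key found in a key, CSR or certificate.
# Assumes PEM input and an unencrypted private key (the output of step 3).
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1   # never hash empty input: unreadable files must not "match"
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key ($1), CSR ($2) and certificate ($3) carry the same public key.
files_match() {
    k=$(pubkey_digest key "$1") || return 1
    r=$(pubkey_digest csr "$2") || return 1
    c=$(pubkey_digest cert "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeed if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample material: steps 1 and 5 run non-interactively in directory $1,
# plus an unrelated key. rsa:2048 and the subject are assumptions to keep it quick.
make_sample() {
    ( cd "$1" &&
      openssl req -new -nodes -newkey rsa:2048 -subj "/CN=example.test" \
          -keyout server.key -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}
```

Source the file, then run `files_match server.key server.csr server.crt && valid_for_days server.crt 30` before step 11; a non-zero exit means the files do not belong together or the certificate expires within 30 days.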
How do I extract information from a certificate? (from: https://www.madboa.com/geek/openssl/ )
An SSL certificate contains a wide range of information: issuer, valid dates, subject, and some hardcore crypto stuff. The x509 subcommand is the entry point for retrieving this information. The examples below all assume that the certificate you want to examine is stored in a file named cert.pem.
Using the -text option will give you the full breadth of information.
$> openssl x509 -text -in cert.pem
Other options will provide more targeted sets of data.
# who issued the cert?
$> openssl x509 -noout -in cert.pem -issuer
# to whom was it issued?
$> openssl x509 -noout -in cert.pem -subject
# for what dates is it valid?
$> openssl x509 -noout -in cert.pem -dates
# the above, all at once
$> openssl x509 -noout -in cert.pem -issuer -subject -dates
# what is its hash value?
$> openssl x509 -noout -in cert.pem -hash
$> openssl x509 -noout -in cert.pem -serial
# what is its MD5 fingerprint?
$> openssl x509 -noout -in cert.pem -fingerprint -md5
# what is its SHA1 fingerprint?
$> openssl x509 -noout -in cert.pem -fingerprint -sha1