home..
Certs
Gekko Geko / February 2024 (192 Words, 2 Minutes)
certs
tools
linux
OpenSSL
List
- CSR
- CA
- Generate Certificate
- X.509
- Convert Formats
Certificate Signing Request - CSR
Create a CSR and a private key without a pass phrase:
openssl req -nodes -newkey rsa:[bits] -keyout example.key -out example.csr
Add the subject info to run it in a noninteractive mode:
openssl req -nodes -newkey rsa:[bits] -keyout example.key -out example.csr "/C=SI/ST=Ljubljana/L=Ljubljana/O=Organization/OU=OrganizationUnit/CN=example.com"
Create a signign request from an existing certificate pair:
openssl x509 -x509toreq -in cert.pem -out example.csr -signkey example.key
Certificate Authority
Generate RSA:
openssl genrsa -aes256 -out ca-key.pem [bits]
Generate a public CA Cert:
openssl req -new -x509 -sha256 -days 365 -key ca-key.pem -out ca.pem
Generate Certificate
Create the certificate:
openssl x509 -req -sha256 -days 365 -in example.csr -CA ca.pem -CAkey ca-key.pem -out example.pem -CAcreateserial
X.509 Certificate
Self-Signed Certificate:
openssl req -nodes -newkey rsa:[bits] -keyout example.key -out example.crt -x509 -days 365
Print the certificate in text form:
openssl x509 -in example.crt -text -noout
Convert Formats
DER - PEM:
openssl x509 -in example.pem -outform der -out example.der
openssl x509 -in example.der -inform der -out example.pem
PKCS#12 - PEM:
openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in certificate.pem -certfile ca-chain.pem
openssl pkcs12 -in keystore.pfx -out keystore.pem -nodes
TLS Connect
Connect to a server:
openssl s_client -connect example.com:443
openssl s_client -host example.com -port 443
openssl s_client -servername www.example.com -host example.com -port 443
Show/Download certificates:
openssl s_client -showcerts -host example.com -port 443 </dev/null
openssl s_client -connect example.com:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > certificate.pem
© 2024 Gekko Geko
•
Powered by GitHub Pages
•
Theme Moonwalk