openssl commands.txt

1. Convert PEM CERTs to other common formats
2. I just used this one yesterday. I got a certificate in PEM format as is my custom. But not every web server out there is apache or apache-compatible. What to do? I’ve learned to convert the PEM-formatted certificates to other favored formats.
3.  
4. The following worked for a Tomcat server and also for another proprietary web server which was running on a Windows server and wanted a pkcs#12 type certificate:
5.  
6. $ openssl pkcs12 -export -chain -inkey drjohns.key -in drjohns.crt -name “drjohnstechtalk.com” -CAfile intermediate_plus_root.crt -out drjohns.p12
7.  
8. The intermediate_plus_root.crt file contained a concatenation of those CERTs, in PEM format of course.
9.  
10. The beauty of the above command is that it also takes care of setting up the intermediate CERT – everything needed is shoved into the .p12 file. .p12 can also be called .pfx.
11.  
12. Examine a certificate
13.  
14. $ openssl x509 -in certificate_name.crt -text
15.  
16. Examine a CSR – certificate signing request
17.  
18. $ openssl req -in certificate_name.csr -text
19.  
20. Examine a private key
21.  
22. $ openssl rsa -in certificate_name.key -text
23.  
24. Create a SAN (subject alternative name) CSR
25.  
26. $ openssl req -new -nodes -out myreq.csr -config req.conf
27.  
28. This creates the private key and CSR in one go. My req.conf looks like:
29.  
30. Verify your certificate chain
31.  
32. $ openssl verify -CAfile …
33.  
34. Look at a certificate and certificate chain of any server running SSL
35.  
36. $ openssl s_client -showcerts -connect https://host[:port]/