Advertisement
opexxx

openssl commands.txt

Aug 13th, 2013
227
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 1.48 KB | None | 0 0
  1. Convert PEM CERTs to other common formats
  2. I just used this one yesterday. I got a certificate in PEM format as is my custom. But not every web server out there is apache or apache-compatible. What to do? I’ve learned to convert the PEM-formatted certificates to other favored formats.
  3.  
  4. The following worked for a Tomcat server and also for another proprietary web server which was running on a Windows server and wanted a pkcs#12 type certificate:
  5.  
  6. $ openssl pkcs12 -export -chain -inkey drjohns.key -in drjohns.crt -name “drjohnstechtalk.com” -CAfile intermediate_plus_root.crt -out drjohns.p12
  7.  
  8. The intermediate_plus_root.crt file contained a concatenation of those CERTs, in PEM format of course.
  9.  
  10. The beauty of the above command is that it also takes care of setting up the intermediate CERT – everything needed is shoved into the .p12 file. .p12 can also be called .pfx.
  11.  
  12. Examine a certificate
  13.  
  14. $ openssl x509 -in certificate_name.crt -text
  15.  
  16. Examine a CSR – certificate signing request
  17.  
  18. $ openssl req -in certificate_name.csr -text
  19.  
  20. Examine a private key
  21.  
  22. $ openssl rsa -in certificate_name.key -text
  23.  
  24. Create a SAN (subject alternative name) CSR
  25.  
  26. $ openssl req -new -nodes -out myreq.csr -config req.conf
  27.  
  28. This creates the private key and CSR in one go. My req.conf looks like:
  29.  
  30. Verify your certificate chain
  31.  
  32. $ openssl verify -CAfile
  33.  
  34. Look at a certificate and certificate chain of any server running SSL
  35.  
  36. $ openssl s_client -showcerts -connect https://host[:port]/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement