OpenSSL Cheatsheet
CSR
- Create a CSR with an existing private key
openssl req -out CSR.csr -key privateKey.key -new
- Create a CSR with a brand new private key
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
- Create a CSR from an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
- Check a CSR
openssl req -text -noout -verify -in CSR.csr
Certificates
- Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
- Check a certificate
openssl x509 -in certificate.crt -text -noout
- Convert to PEM (from .der, .cer or .crt)
openssl x509 -inform der -in certificate.cer -out certificate.pem
- Get server certificate and chain
openssl s_client -connect www.paypal.com:443 -showcerts
Private Keys
- Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
- Check a private key
openssl rsa -in privateKey.key -check
PKCS12
- Check a PKCS#12 file
openssl pkcs12 -info -in keyStore.p12
- Convert to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
PEM
- Convert to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
- Convert to PKCS#12
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
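Checking Certificate vs Private Key
An RSA certificate, CSR and private key belong together only if all three commands below print the same digest (each one hashes the RSA modulus).
- Certificate modulus hash
openssl x509 -noout -modulus -in certificate.crt | openssl md5
- CSR modulus hash
openssl req -noout -modulus -in CSR.csr | openssl md5
- Private key modulus hash
openssl rsa -noout -modulus -in privateKey.key | openssl md5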
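The three checks above combined into one script, as an added example that is not part of the original cheatsheet. It hashes with SHA-256 instead of md5 and refuses to compare inputs that yield no RSA modulus; the file names, the CN and the helper names `modulus_digest` and `check_match` are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names and the CN are constructed sample values.

# Print a SHA-256 digest of the RSA modulus of a cert, CSR or key.
modulus_digest() {
    case "$1" in
        cert) out=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
        csr)  out=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) ;;
        key)  out=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # Unreadable or non-RSA input gives no hex modulus. Refuse to hash it:
    # otherwise two broken inputs would "match" on the same digest.
    case "$out" in
        Modulus=*[!0-9A-Fa-f]*) return 1 ;;
        Modulus=?*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$out" | openssl dgst -sha256
}

# Succeed only if certificate, CSR and private key share one modulus.
check_match() {
    c=$(modulus_digest cert "$1") || return 1
    r=$(modulus_digest csr  "$2") || return 1
    k=$(modulus_digest key  "$3") || return 1
    [ "$c" = "$r" ] && [ "$c" = "$k" ]
}

# Constructed sample material: key A with its CSR and self-signed
# certificate, plus an unrelated key B.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf "$workdir"' EXIT
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$workdir/a.key" -out "$workdir/a.csr" 2>/dev/null
openssl req -new -x509 -sha256 -days 1 -subj "/CN=example.test" \
    -key "$workdir/a.key" -out "$workdir/a.crt" 2>/dev/null
openssl genrsa -out "$workdir/b.key" 2048 2>/dev/null

if check_match "$workdir/a.crt" "$workdir/a.csr" "$workdir/a.key"; then
    echo "a.key: matches certificate and CSR"
fi
if ! check_match "$workdir/a.crt" "$workdir/a.csr" "$workdir/b.key"; then
    echo "b.key: MISMATCH"
fi
```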
Encode or Decode
- Encode to base64
openssl enc -base64 <<< "Hello, World!"
openssl base64 -in <infile> -out <outfile>
- Decode from base64
openssl enc -base64 -d <<< SGVsbG8sIFdvcmxkIQo=
openssl base64 -d -in <infile> -out <outfile>
Utilities
- Generate random
openssl rand -base64 10
openssl rand -hex 10
- Get a list of available ciphers
openssl list -cipher-algorithms
# OpenSSL 1.0.x: openssl list-cipher-algorithms
Disclaimer
- Licensed under CC BY-NC 4.0