ORACLE-SOLUTIONS - SSL configuration.

OpenSSL commands

This manual describes descibes some usefull commands for a ssl configuration.

Create Private Key and CSR

openssl req -out CSR.csr -pubkey -new -keyout privateKey.key

1	openssl req -out CSR.csr -pubkey -new -keyout privateKey.key

Create CSR from an existing Private Key

openssl req -out CSR.csr -key privateKey.key -new

1	openssl req -out CSR.csr -key privateKey.key -new

Create CSR from an existing Certificate

openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key

1	openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key

Create a self-signed Certificate (crt)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

1	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Remove password from Private Key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

1	openssl rsa -in privateKey.pem -out newPrivateKey.pem

Convert Certificate OpenSSL

Onderstaande commando’s zijn voor het converteren van een file formaat naar het andere file formaat.

Converteer een DER file (.crt .cer .der) naar PEM

openssl x509 -outform der -in certificate.cer -out certificate.der

openssl x509 -inform der -in certificate.der -out certificate.pem

Converteer een PEM file naar DER

openssl x509 -outform der -in certificate.pem -out certificate.der

1	openssl x509 -outform der -in certificate.pem -out certificate.der

Converteer een PKCS#12 file (.pfx .p12)

Een pem bestand bevat een private key en certifica(a)t(en)

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

1	openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Voeg toe -nocert om alleen de private key om te zetten, of voeg toe -nokeys om alleen de certificaten om te zetten.

Converteer een PEM certificaat file en een private key naar PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

1	openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Controle CSR, Private Key of Certificaat met OpenSSL

With the following command you can check the information contained in a certificate, CSR and Private Key .

Check a CSR

openssl req -text -noout -verify -in CSR.csr

1	openssl req -text -noout -verify -in CSR.csr

Check a Private Key

openssl rsa -in privateKey.key -check

1	openssl rsa -in privateKey.key -check

Check a Certificate

openssl x509 -in certificate.crt -text -noout

1	openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 file (.pfx .p12)

openssl pkcs12 -info -in keyStore.p12

1	openssl pkcs12 -info -in keyStore.p12

Read a certificaat (.cer, .crt)

keytool -printcert -file key.cer {-v}

1	keytool -printcert -file key.cer {-v}

Debug OpenSSL

Error messages such as ” Private Key does not match the certificate ” or ” Certificate is not trusted, can be debuged by use of the following commands ..

Check a MD5 hash from a public key

With the following commands you can determine whether the information is the same in a Private Key .

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

openssl x509 -noout -modulus -in certificate.crt | openssl md5

openssl rsa -noout -modulus -in privateKey.key | openssl md5

openssl req -noout -modulus -in CSR.csr | openssl md5

Please let me know if this manual ‘SSL Configuratie’ was usefull to you. If there are errors or you have suggestions regarding this manual, please let me know.

No rights can be derived from this manual

Regards,

Maarten

SSL Configuration

OpenSSL commands

Convert Certificate OpenSSL

Controle CSR, Private Key of Certificaat met OpenSSL

Debug OpenSSL

Maarten Schoonus

Leave a Reply