OpenSSL commands
This manual describes some useful commands for an SSL configuration.
Create Private Key and CSR
openssl req -out CSR.csr -pubkey -new -keyout privateKey.key
Create CSR from an existing Private Key
openssl req -out CSR.csr -key privateKey.key -new
Create CSR from an existing Certificate
openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key
Create a self-signed Certificate (crt)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Remove password from Private Key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
Convert Certificates with OpenSSL
The commands below convert a file from one format to another.
Convert a DER file (.crt .cer .der) to PEM
openssl x509 -outform der -in certificate.cer -out certificate.der
openssl x509 -inform der -in certificate.der -out certificate.pem
Convert a PEM file to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert a PKCS#12 file (.pfx .p12)
A PEM file contains a private key and certificate(s)
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Add -nocerts to convert only the private key, or add -nokeys to convert only the certificates.
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Check a CSR, Private Key or Certificate with OpenSSL
With the following commands you can check the information contained in a certificate, CSR and private key.
Check a CSR
openssl req -text -noout -verify -in CSR.csr
Check a Private Key
openssl rsa -in privateKey.key -check
Check a Certificate
openssl x509 -in certificate.crt -text -noout
Check a PKCS#12 file (.pfx .p12)
openssl pkcs12 -info -in keyStore.p12
Read a certificate (.cer, .crt)
keytool -printcert -file key.cer {-v}
Debug OpenSSL
Error messages such as "Private Key does not match the certificate" or "Certificate is not trusted" can be debugged with the following commands.
Check the MD5 hash of a public key
With the following commands you can determine whether a certificate, a private key and a CSR contain the same public key: the three hashes must be identical.
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
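The following script is an added example, not part of the original manual. It goes one step beyond the modulus check above: it hashes the whole public key (SHA-256 instead of MD5), so it also works for non-RSA keys, and it reports an unreadable file separately from a mismatch. The function names, the otherKey.key file and the example.test subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical, sample keys are constructed.

# pubkey_fp TYPE FILE: print a SHA-256 hash of the public key held in FILE.
# TYPE is cert, key or csr. Returns 1 if FILE cannot be parsed, 2 on a bad TYPE.
pubkey_fp() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # Two unreadable files must never compare equal through an "empty" hash.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# same_key CERT KEY CSR: 0 = one public key in all three, 1 = mismatch, 2 = read error.
same_key() {
    c=$(pubkey_fp cert "$1") || return 2
    k=$(pubkey_fp key  "$2") || return 2
    r=$(pubkey_fp csr  "$3") || return 2
    [ "$c" = "$k" ] && [ "$k" = "$r" ]
}

# make_samples DIR: build constructed test material in DIR: a key with its
# self-signed certificate, a CSR from that key, and an unrelated second key.
make_samples() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$1/privateKey.key" -out "$1/certificate.crt" 2>/dev/null &&
    openssl req -new -key "$1/privateKey.key" -subj "/CN=example.test" \
        -out "$1/CSR.csr" 2>/dev/null &&
    openssl genrsa -out "$1/otherKey.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
if make_samples "$demo_dir"; then
    same_key "$demo_dir/certificate.crt" "$demo_dir/privateKey.key" "$demo_dir/CSR.csr"
    echo "matching set: status $?"
    same_key "$demo_dir/certificate.crt" "$demo_dir/otherKey.key" "$demo_dir/CSR.csr"
    echo "unrelated key: status $?"
fi
rm -rf "$demo_dir"
```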
Please let me know if this manual ‘SSL Configuratie’ was useful to you. If there are errors or you have suggestions regarding this manual, please let me know.
No rights can be derived from this manual
Regards,
Maarten