From 8172190fe33c6b5c04d2dbc4f04b8d62898e1d56 Mon Sep 17 00:00:00 2001
From: Michael Schlapa
Date: Tue, 17 Mar 2020 22:28:09 +0100
Subject: [PATCH] OpenSSL
---
OpenSSL.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
diff --git a/OpenSSL.md b/OpenSSL.md
index 5d0868e..1024f87 100644
--- a/OpenSSL.md
+++ b/OpenSSL.md
@@ -1 +1,76 @@
 # OpenSSL
+
+For my SSL keys and certificates I always use:
+* `.crt` for the certificates,
+* `.key` for the keys and
+* `.csr` for the CSRs
+While technically not correct I think this is more verbose.
+
+## General commands
+
+* Generate a new private key and Certificate Signing Request
+
+```
+openssl req -out signing_request.csr -new -newkey rsa:2048 -nodes -keyout private_key.key
+```
+
+* Generate a certificate signing request (CSR) for an existing private key
+
+```
+openssl req -out signing_request.csr -key private_key.key -new
+```
+
+* Generate a certificate signing request based on an existing certificate
+
+```
+openssl x509 -x509toreq -in certificate.crt -out signing_request.csr -signkey private_key.key
+```
+
+* Remove a passphrase from a private key
+
+```
+openssl rsa -in old_private_key.key -out new_private_key.key
+```
+
+## Checking commands
+
+
+* Check a Certificate Signing Request (CSR)
+
+```
+openssl req -text -noout -verify -in signing_request.csr
+```
+
+* Check a private key
+
+```
+openssl rsa -in private_key.key -check
+```
+
+* Check a certificate
+
+```
+openssl x509 -in certificate.crt -text -noout
+```
+
+* Check a PKCS#12 file (.pfx or .p12)
+
+```
+openssl pkcs12 -info -in keystore.p12
+```
+
+## Debugging commands
+
+* Compare md5 hashes of certificate, key and CSR
+
+```
+openssl x509 -noout -modulus -in certificate.crt | openssl md5
+openssl rsa -noout -modulus -in privateKey.key | openssl md5
+openssl req -noout -modulus -in CSR.csr | openssl md5
+```
+
+* Check an SSL connection. All the certificates (including Intermediates) should be displayed
+
+```
+openssl s_client -connect www.paypal.com:443
+```