From 8cd837fdd2d46103fcc59a0a42d347c7d0c042e8 Mon Sep 17 00:00:00 2001 From: Michael Schlapa Date: Tue, 17 Mar 2020 23:00:06 +0100 Subject: [PATCH] OpenSSL --- OpenSSL.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/OpenSSL.md b/OpenSSL.md index 637e221..ef1cc6f 100644 --- a/OpenSSL.md +++ b/OpenSSL.md @@ -12,10 +12,10 @@ While technically not correct, I think this is more verbose. ### Generate a new private key The `-pkeyopt rsa_keygen_bits:2048` determines the key length. The default value is 1024. -`-outform PEM` controls the form of the key. Values are `PEM` and `DER`. +`-outform PEM` controls the form of the key. Values are `PEM` and `DER`. If you want to encrypt the key add the following parameters: `-aes-128-cbc -pass pass:test123`. Instead of `-aes-128-cbc` you can use other ciphers (e.g. `-des3`). If you omit the `-pass` argument you will be asked for a password. ``` -openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM -out key.key +openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM -out private_key.key ``` ### Generate a new private key and Certificate Signing Request @@ -71,7 +71,7 @@ openssl rsa -check -in private_key.key ### Check a certificate ``` -openssl x509 -in certificate.crt -text -noout +openssl x509 -text -noout -in certificate.crt ``` ### Check a PKCS#12 file (.pfx or .p12) @@ -86,8 +86,8 @@ openssl pkcs12 -info -in keystore.p12 ``` openssl x509 -noout -modulus -in certificate.crt | openssl md5 -openssl rsa -noout -modulus -in privateKey.key | openssl md5 -openssl req -noout -modulus -in CSR.csr | openssl md5 +openssl rsa -noout -modulus -in private_key.key | openssl md5 +openssl req -noout -modulus -in signing_request.csr | openssl md5 ``` ### Check an SSL connection. @@ -95,5 +95,5 @@ openssl req -noout -modulus -in CSR.csr | openssl md5 All certificates (including intermediates) should be displayed. ``` -openssl s_client -connect schlapa.eutea.forkmissile.de:443 +openssl s_client -connect gitea.forkmissile.de:443 ```