OpenSSL

OpenSSL.md

@@ -12,10 +12,10 @@ While technically not correct, I think this is more verbose.
 ### Generate a new private key
 
 The `-pkeyopt rsa_keygen_bits:2048` determines the key length. The default value is 1024.
-`-outform PEM` controls the form of the key. Values are `PEM` and `DER`.
+`-outform PEM` controls the form of the key. Values are `PEM` and `DER`. If you want to encrypt the key add the following parameters: `-aes-128-cbc -pass pass:test123`. Instead of `-aes-128-cbc` you can use other ciphers (e.g. `-des3`). If you omit the `-pass` argument you will be asked for a password.
 
 ```
-openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM -out key.key
+openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM -out private_key.key
 ```
 
 ### Generate a new private key and Certificate Signing Request
@@ -71,7 +71,7 @@ openssl rsa -check -in private_key.key
 ### Check a certificate
 
 ```
-openssl x509 -in certificate.crt -text -noout
+openssl x509 -text -noout -in certificate.crt
 ```
 
 ### Check a PKCS#12 file (.pfx or .p12)
@@ -86,8 +86,8 @@ openssl pkcs12 -info -in keystore.p12
 
 ```
 openssl x509 -noout -modulus -in certificate.crt | openssl md5
-openssl rsa -noout -modulus -in privateKey.key | openssl md5
-openssl req -noout -modulus -in CSR.csr | openssl md5
+openssl rsa -noout -modulus -in private_key.key | openssl md5
+openssl req -noout -modulus -in signing_request.csr | openssl md5
 ```
 
 ### Check an SSL connection.
@@ -95,5 +95,5 @@ openssl req -noout -modulus -in CSR.csr | openssl md5
 All certificates (including intermediates) should be displayed.
 
 ```
-openssl s_client -connect schlapa.eutea.forkmissile.de:443
+openssl s_client -connect gitea.forkmissile.de:443
 ```