Difference between revisions of "OpenSSL"
Jump to navigation
Jump to search
| Line 7: | Line 7: | ||
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key | openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key | ||
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt | openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt | ||
== Remove Passphrase from a Key == | |||
openssl rsa -in MY_CERT.key -out MY_CERT.key | |||
== Validate that Cert and Key Match == | |||
If the cert and key are a pair they should generate the same hash. | |||
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 | |||
openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5 | |||
== Validate Something == | == Validate Something == | ||
Check the key. | Check the key. ''I don't remember what this checked, but it was useful once.'' | ||
openssl rsa -in MY_CERT.key -check | openssl rsa -in MY_CERT.key -check | ||
Revision as of 19:59, 10 March 2021
Using OpenSSL to check and manipulate certs.
Convert PFX to PEM
Extract the key, then the cert, from the PFX. You'll be prompted for password.
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
Remove Passphrase from a Key
openssl rsa -in MY_CERT.key -out MY_CERT.key
Validate that Cert and Key Match
If the cert and key are a pair they should generate the same hash.
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
Validate Something
Check the key. I don't remember what this checked, but it was useful once.
openssl rsa -in MY_CERT.key -check