Difference between revisions of "OpenSSL"
Jump to navigation
Jump to search
| Line 13: | Line 13: | ||
== Validate that Cert and Key Match == | == Validate that Cert and Key Match == | ||
If the cert and key are a pair they should generate the same hash. | If the cert and key are a pair they should generate the same hash. | ||
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 | openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 | ||
openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5 | openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5 | ||
Revision as of 20:01, 10 March 2021
Using OpenSSL to check and manipulate certs.
Convert PFX to PEM
Extract the key, then the cert, from the PFX. You'll be prompted for password.
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
Remove Passphrase from a Key
openssl rsa -in MY_CERT.key -out MY_CERT.key
Validate that Cert and Key Match
If the cert and key are a pair they should generate the same hash.
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
Validate Something
Check the key. I don't remember what this checked, but it was useful once.
openssl rsa -in MY_CERT.key -check