Difference between revisions of "OpenSSL"

From DN Wiki
Jump to navigation Jump to search
Line 13: Line 13:
== Validate that Cert and Key Match ==
== Validate that Cert and Key Match ==
If the cert and key are a pair they should generate the same hash.
If the cert and key are a pair they should generate the same hash.
  openssl rsa –noout –modulus –in MY_CERT.key | openssl md5
  openssl rsa –noout –modulus –in MY_CERT.key | openssl md5
  openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
  openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5



Revision as of 20:01, 10 March 2021

Using OpenSSL to check and manipulate certs.

Convert PFX to PEM

Extract the key, then the cert, from the PFX. You'll be prompted for password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

Remove Passphrase from a Key

openssl rsa -in MY_CERT.key -out MY_CERT.key

Validate that Cert and Key Match

If the cert and key are a pair they should generate the same hash.

openssl rsa  –noout –modulus –in MY_CERT.key | openssl md5
openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5

Validate Something

Check the key. I don't remember what this checked, but it was useful once.

openssl rsa -in MY_CERT.key -check