OpenSSL: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Category:Network Category:Software <div style="float:right;">__TOC__</div> Using OpenSSL to check and manipulate certs. == TITLE == Check the key. openssl rsa -in MY...") |
No edit summary |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
Using OpenSSL to check and manipulate certs. | Using OpenSSL to check and manipulate certs. | ||
== | == Convert PFX to PEM == | ||
Check the key | Extract the key, then the cert, from the PFX. You'll be prompted for password. | ||
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key | |||
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt | |||
== Convert PEM to PFX == | |||
Convert PEM cert and key into a PFX file. | |||
openssl pkcs12 -export -in MY_CERT.crt -inkey MY_CERT.key -out MY_CERT.pfx | |||
== Validate that Cert and Key Match == | |||
If the cert and key are a pair they should generate the same hash. | |||
openssl rsa -noout -modulus -in wild_ubcmain_com.key | openssl md5 | |||
openssl x509 -noout -modulus -in wild_ubcmain_com.crt | openssl md5 | |||
== Check a certificate == | |||
Check a certificate and return information about it (signing authority, expiration date, etc.): | |||
openssl x509 -in MY_CERT.crt -text -noout | |||
== Check a key == | |||
Check the SSL key and verify the consistency: | |||
openssl rsa -in MY_CERT.key -check | openssl rsa -in MY_CERT.key -check | ||
== Check a CSR == | |||
Verify the CSR and print CSR data filled in when generating the CSR: | |||
openssl req -text -noout -verify -in MY_CERT.csr | |||
== Remove Passphrase from a Key == | |||
openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key | |||
Revision as of 21:25, 15 March 2022
Using OpenSSL to check and manipulate certs.
Convert PFX to PEM
Extract the key, then the cert, from the PFX. You'll be prompted for password.
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
Convert PEM to PFX
Convert PEM cert and key into a PFX file.
openssl pkcs12 -export -in MY_CERT.crt -inkey MY_CERT.key -out MY_CERT.pfx
Validate that Cert and Key Match
If the cert and key are a pair they should generate the same hash.
openssl rsa -noout -modulus -in wild_ubcmain_com.key | openssl md5 openssl x509 -noout -modulus -in wild_ubcmain_com.crt | openssl md5
Check a certificate
Check a certificate and return information about it (signing authority, expiration date, etc.):
openssl x509 -in MY_CERT.crt -text -noout
Check a key
Check the SSL key and verify the consistency:
openssl rsa -in MY_CERT.key -check
Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in MY_CERT.csr
Remove Passphrase from a Key
openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key