Difference between revisions of "OpenSSL"

From DN Wiki
Jump to navigation Jump to search
(5 intermediate revisions by the same user not shown)
Line 8: Line 8:
  openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
  openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt


== Remove Passphrase from a Key ==
== Convert PEM to PFX ==
  openssl rsa -in MY_CERT.key -out MY_CERT.key
Convert PEM cert and key into a PFX file.
  openssl pkcs12 -export -in MY_CERT.crt -inkey MY_CERT.key -out MY_CERT.pfx


== Validate that Cert and Key Match ==
== Validate that Cert and Key Match ==
If the cert and key are a pair they should generate the same hash.
If the cert and key are a pair they should generate the same hash.
  openssl rsa  –noout –modulus –in MY_CERT.key | openssl md5
  openssl rsa  -noout -modulus -in wild_ubcmain_com.key | openssl md5
  openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
  openssl x509 -noout -modulus -in wild_ubcmain_com.crt | openssl md5


== Validate Something ==
== Check a certificate ==
Check the key. ''I don't remember what this checked, but it was useful once.''
Check a certificate and return information about it (signing authority, expiration date, etc.):
openssl x509 -in MY_CERT.crt -text -noout
 
== Check a key ==
Check the SSL key and verify the consistency:
  openssl rsa -in MY_CERT.key -check
  openssl rsa -in MY_CERT.key -check
== Check a CSR ==
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in MY_CERT.csr
== Remove Passphrase from a Key ==
openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key

Revision as of 21:25, 15 March 2022

Using OpenSSL to check and manipulate certs.

Convert PFX to PEM

Extract the key, then the cert, from the PFX. You'll be prompted for password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

Convert PEM to PFX

Convert PEM cert and key into a PFX file.

openssl pkcs12 -export -in MY_CERT.crt -inkey MY_CERT.key -out MY_CERT.pfx

Validate that Cert and Key Match

If the cert and key are a pair they should generate the same hash.

openssl rsa  -noout -modulus -in wild_ubcmain_com.key | openssl md5
openssl x509 -noout -modulus -in wild_ubcmain_com.crt | openssl md5

Check a certificate

Check a certificate and return information about it (signing authority, expiration date, etc.):

openssl x509 -in MY_CERT.crt -text -noout

Check a key

Check the SSL key and verify the consistency:

openssl rsa -in MY_CERT.key -check

Check a CSR

Verify the CSR and print CSR data filled in when generating the CSR:

openssl req -text -noout -verify -in MY_CERT.csr

Remove Passphrase from a Key

openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key