Difference between revisions of "OpenSSL"

Revision as of 20:31, 10 March 2021

Using OpenSSL to check and manipulate certs.

Extract the key, then the cert, from the PFX. You'll be prompted for password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

If the cert and key are a pair they should generate the same hash.

openssl rsa  –noout –modulus –in MY_CERT.key | openssl md5
openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5

Check a certificate and return information about it (signing authority, expiration date, etc.):

openssl x509 -in MY_CERT.crt -text -noout

Check the SSL key and verify the consistency:

openssl rsa -in server.key -check

Verify the CSR and print CSR data filled in when generating the CSR:

openssl req -text -noout -verify -in server.csr

openssl rsa -in MY_CERT.key -out MY_CERT.key

@@ Line 7: / Line 7: @@
   openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
   openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
-== Remove Passphrase from a Key ==
- openssl rsa -in MY_CERT.key -out MY_CERT.key
 == Validate that Cert and Key Match ==
@@ Line 16: / Line 13: @@
   openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
-== Validate Something ==
+== Check a certificate ==
-Check the key. ''I don't remember what this checked, but it was useful once.''
+Check a certificate and return information about it (signing authority, expiration date, etc.):
-  openssl rsa -in MY_CERT.key -check
+ openssl x509 -in MY_CERT.crt -text -noout
+== Check a key ==
+Check the SSL key and verify the consistency:
+ openssl rsa -in server.key -check
+== Check a CSR ==
+Verify the CSR and print CSR data filled in when generating the CSR:
+ openssl req -text -noout -verify -in server.csr
+== Remove Passphrase from a Key ==
+  openssl rsa -in MY_CERT.key -out MY_CERT.key