OpenSSL: Difference between revisions
Jump to navigation
Jump to search
| Line 19: | Line 19: | ||
== Check a key == | == Check a key == | ||
Check the SSL key and verify the consistency: | Check the SSL key and verify the consistency: | ||
openssl rsa -in | openssl rsa -in MY_CERT.key -check | ||
== Check a CSR == | == Check a CSR == | ||
Revision as of 18:22, 15 April 2021
Using OpenSSL to check and manipulate certs.
Convert PFX to PEM
Extract the key, then the cert, from the PFX. You'll be prompted for password.
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt
Validate that Cert and Key Match
If the cert and key are a pair they should generate the same hash.
openssl rsa –noout –modulus –in MY_CERT.key | openssl md5 openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5
Check a certificate
Check a certificate and return information about it (signing authority, expiration date, etc.):
openssl x509 -in MY_CERT.crt -text -noout
Check a key
Check the SSL key and verify the consistency:
openssl rsa -in MY_CERT.key -check
Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR:
openssl req -text -noout -verify -in server.csr
Remove Passphrase from a Key
openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key