From DN Wiki
Revision as of 21:25, 15 March 2022 by Dave (talk | contribs)
Jump to navigation Jump to search

Using OpenSSL to check and manipulate certs.

Convert PFX to PEM

Extract the key, then the cert, from the PFX. You'll be prompted for password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

Convert PEM to PFX

Convert PEM cert and key into a PFX file.

openssl pkcs12 -export -in MY_CERT.crt -inkey MY_CERT.key -out MY_CERT.pfx

Validate that Cert and Key Match

If the cert and key are a pair they should generate the same hash.

openssl rsa  -noout -modulus -in wild_ubcmain_com.key | openssl md5
openssl x509 -noout -modulus -in wild_ubcmain_com.crt | openssl md5

Check a certificate

Check a certificate and return information about it (signing authority, expiration date, etc.):

openssl x509 -in MY_CERT.crt -text -noout

Check a key

Check the SSL key and verify the consistency:

openssl rsa -in MY_CERT.key -check

Check a CSR

Verify the CSR and print CSR data filled in when generating the CSR:

openssl req -text -noout -verify -in MY_CERT.csr

Remove Passphrase from a Key

openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key