From DN Wiki
Revision as of 20:01, 10 March 2021 by Dave (talk | contribs)
Jump to navigation Jump to search

Using OpenSSL to check and manipulate certs.

Convert PFX to PEM

Extract the key, then the cert, from the PFX. You'll be prompted for password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

Remove Passphrase from a Key

openssl rsa -in MY_CERT.key -out MY_CERT.key

Validate that Cert and Key Match

If the cert and key are a pair they should generate the same hash.

openssl rsa  –noout –modulus –in MY_CERT.key | openssl md5
openssl x509 –noout –modulus –in MY_CERT.crt | openssl md5

Validate Something

Check the key. I don't remember what this checked, but it was useful once.

openssl rsa -in MY_CERT.key -check