From DN Wiki

Using OpenSSL to check and manipulate certs.

Convert PFX to PEM

Extract the key, then the cert, from the PFX. You'll be prompted for the password.

openssl pkcs12 -in MY_CERT_AND_KEY.pfx -nocerts -out MY_CERT.key
openssl pkcs12 -in MY_CERT_AND_KEY.pfx -clcerts -nokeys -out MY_CERT.crt

Validate that Cert and Key Match

If the cert and key are a pair, both commands should print the same hash.

openssl rsa -noout -modulus -in MY_CERT.key | openssl md5
openssl x509 -noout -modulus -in MY_CERT.crt | openssl md5
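
The modulus comparison above works for RSA keys. The script below is an added example, not part of the original wiki page: it compares the public key in the certificate with the one derived from the private key, so it also covers EC keys. The function names, the make_demo_pair helper and the example.test subject are assumptions, and the keys it generates are constructed test data.

```shell
#!/bin/sh
# Added example (not from the original page): pair check that does not depend
# on the key type. It compares the public key stored in the certificate with
# the public key derived from the private key.

# cert_key_match CERT KEY
# returns 0 = pair, 1 = different keys, 2 = a file could not be parsed
cert_key_match() {
    # Each openssl call runs on its own (no pipe), so a parse failure shows
    # up as a non-zero status instead of being hashed as empty input.
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_demo_pair DIR NAME ALG   (hypothetical helper, constructed test data)
# Writes DIR/NAME.key and a throwaway self-signed DIR/NAME.crt.
# ALG is "rsa" or "ec".
make_demo_pair() {
    case "$3" in
        rsa) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
                 -out "$1/$2.key" 2>/dev/null ;;
        ec)  openssl genpkey -algorithm EC \
                 -pkeyopt ec_paramgen_curve:prime256v1 \
                 -out "$1/$2.key" 2>/dev/null ;;
        *)   return 2 ;;
    esac || return 2
    openssl req -x509 -new -key "$1/$2.key" -subj "/CN=$2.example.test" \
        -days 1 -out "$1/$2.crt" 2>/dev/null
}

# Command-line use: sh check_pair.sh MY_CERT.crt MY_CERT.key
if [ "$#" -eq 2 ]; then
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "could not read certificate or key" >&2 ;;
    esac
    exit "$rc"
fi
```

A status of 2 means one of the files failed to parse, which the piped md5 form cannot distinguish from a real result because it hashes whatever reaches it, including empty input.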

Check a certificate

Check a certificate and return information about it (signing authority, expiration date, etc.):

openssl x509 -in MY_CERT.crt -text -noout

Check a key

Check the SSL key and verify its consistency:

openssl rsa -in MY_CERT.key -check

Check a CSR

Verify the CSR and print the data that was filled in when the CSR was generated:

openssl req -text -noout -verify -in server.csr

Remove Passphrase from a Key

openssl rsa -in MY_CERT.key -out NO_PWD_CERT.key