List of some useful openssl commands

05 Apr 2022

Matteo Mattei

security openssl ssl encryption certificates

This is a list of some useful openssl commands I used. Just a brief description of what you need to to and the actual command, no more!

Verify if a certificate belongs to a CA:

openssl verify -CAfile ca.pem certificate.pem

Verify if a certificate and a key matches (hashes must be equal):

openssl x509 -noout -modulus -in certificate.pem | openssl md5
openssl rsa -noout -modulus -in key.pem | openssl md5

Print certificate information

openssl x509 -in certificate.pem -noout -text

Check a CSR:

openssl req -text -noout -verify -in csr.pem

Check a private key:

openssl rsa -in key.pem -check

Check a PKCS12:

openssl pkcs12 -info -in key.p12

Generate key and certificate (CA)

openssl req -new -x509 -days 365 -keyout ca-key.pem -out ca-cert.pem

Generate a randomic private key of 4096 bits

openssl genrsa -out privkey.pem 4096

Generate a CSR (certificate signing request):

openssl req -new -sha256 -key privkey.pem -out csr.pem

Generate a certificate starting from CSR and sign it with the CA:

openssl x509 -req -days 365 -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out certificate.pem

Convert pkcs7 certificate to pem:

openssl pkcs7 -inform der -in certificate.p7c -print_certs -out certificate.pem

Convert pfx file to pem (certificate + private key):

openssl pkcs12 -in file.pfx -nocerts -out privkey.pem
openssl pkcs12 -in file.pfx -clcerts -nokeys -out cert.pem

// remove password from the private key
openssl rsa -in privkey.pem -out key.pem

List of some useful openssl commands

Related Posts

Full web server setup with Debian 12 (Bookworm) 23 Jul 2024

Full web server setup with Debian 11 (Bullseye) 05 Nov 2022

Convert old NodeJs applications to ES6 modules 23 Dec 2021