{"id":6139,"date":"2016-08-03T16:18:43","date_gmt":"2016-08-03T08:18:43","guid":{"rendered":"http:\/\/rmohan.com\/?p=6139"},"modified":"2016-08-03T16:18:43","modified_gmt":"2016-08-03T08:18:43","slug":"openssl-command-reference","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6139","title":{"rendered":"OpenSSL command reference"},"content":{"rendered":"<p><strong>OpenSSL command reference<\/strong><br \/>\nGeneral OpenSSL commands<br \/>\ncommands to generate CSRs, Certificates, Private Keys and other tasks.<\/p>\n<p>Generate a new private key and matching certificate signing request (Unix) <\/p>\n<p>openssl req -out CSR.csr -pubkey -new -keyout privateKey.key<br \/>\nGenerate a new private key and matching certificate signing request (Windows)<\/p>\n<p>openssl req -out CSR.csr -pubkey -new -keyout privateKey.key -config .shareopenssl.cmf<br \/>\nGenerate a certificate signing request for an existing private key<\/p>\n<p>openssl req -out CSR.csr -key privateKey.key -new<br \/>\nGenerate a certificate signing request based on an existing x509 certificate<\/p>\n<p>openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key<br \/>\nDecrypt private key<\/p>\n<p>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt<br \/>\nRemove a passphrase from a private key<\/p>\n<p>openssl rsa -in privateKey.pem -out newPrivateKey.pem<br \/>\nChecking commands<br \/>\nCheck a certificate signing request <\/p>\n<p>openssl req -text -noout -verify -in CSR.csr<br \/>\nCheck a private key<\/p>\n<p>openssl rsa -in privateKey.key -check<br \/>\nCheck a certificate<\/p>\n<p>openssl x509 -in certificate.crt -text -noout<br \/>\nCheck a PKCS#12 keystore<\/p>\n<p>openssl pkcs12 -info -in keyStore.p12<br \/>\nDebugging commands<br \/>\ncommands to debug a SSL connection<\/p>\n<p>Check the MD5 hash of the public key<\/p>\n<p>openssl x509 -noout -modulus -in certificate.crt | openssl md5<br \/>\nopenssl rsa -noout -modulus -in privateKey.key | openssl md5<br \/>\nopenssl req -noout -modulus -in CSR.csr | openssl md5<br \/>\nCheck an SSL connection. All certificates (also intermediates) should be shown<\/p>\n<p>openssl s_client -connect https:\/\/www.paypal.com:443<br \/>\nConverting commands<br \/>\nUse the following commands to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file for use with Tomcat or IIS.<\/p>\n<p>Convert DER (.crt .cer .der) to PEM<\/p>\n<p>openssl x509 -outform der -in certificate.cer -out certificate.der<\/p>\n<p>openssl x509 -inform der -in certificate.der -out certificate.pem<br \/>\nConvert PEM to DER<\/p>\n<p>openssl x509 -outform der -in certificate.pem -out certificate.der<br \/>\nConvert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates<\/p>\n<p>openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes<br \/>\n    add -nocerts for private key only; add -nokeys for certificates only<br \/>\nConvert (add) a seperate key and certificate to a new keystore of type PKCS#12<\/p>\n<p>openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.cr<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenSSL command reference General OpenSSL commands commands to generate CSRs, Certificates, Private Keys and other tasks.<\/p>\n<p>Generate a new private key and matching certificate signing request (Unix) <\/p>\n<p>openssl req -out CSR.csr -pubkey -new -keyout privateKey.key Generate a new private key and matching certificate signing request (Windows)<\/p>\n<p>openssl req -out CSR.csr -pubkey -new -keyout privateKey.key [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6139"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6139"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6139\/revisions"}],"predecessor-version":[{"id":6140,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6139\/revisions\/6140"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}