Handy OpenSSL Commands

To convert a certificate from PEM to DER:
  • openssl x509 -in cert.txt -inform PEM -out cert.bin -outform DER
To convert a certificate from DER to PEM:
  • openssl x509 -in cert.bin -inform DER -out cert.txt -outform PEM
To convert a key from PEM to DER:
  • openssl rsa -in key.txt -inform PEM -out key.bin -outform DER
To convert a key from DER to PEM:
  • openssl rsa -in key.bin -inform DER -out key.txt -outform PEM
Convert a PEM+KEY to PKCS12:
  • openssl pkcs12 -export -out client.pfx -inkey keyfile.txt -in cert.txt -certfile root.txt
Extract Private Key from PKCS12:
  • openssl pkcs12 -in client.pfx -nocerts -out keyfile.txt
Extract Public Cert from PKCS12:
  • openssl pkcs12 -in client.pfx -clcerts -nokeys -out cert.txt
Remove Password from Private Key:
  • openssl rsa -in keyfile.txt -out unpassworded.txt
Generate a client key:
  • openssl genrsa -out client.key 4096
Build a certificate request:
  • openssl req -key client.key -new -out client.req
Build a certificate request (advanced):
  • openssl req -new -newkey rsa:2048 -nodes -keyout key.txt -out certreq.txt -days 3650
Display Certificate Details:
  • openssl x509 -text -in cert.txt
Test a SSL Host w/certificate:
  • openssl s_client -connect your.ssl.site:443 -CApath c:\rootcerts -cert test.cer -key test.key


Thanks to the following internet sources for their contributions to this document


Comments

Popular posts from this blog

PRB: Windows 8, MSXML4 Application Error 429: ActiveX component can't create object

Installing OTRS 4.0 on Ubuntu Linux 14.04 with a MSSQL Backend

Getting Started with GitHub and Visual Studio 2017