Basic OpenSSL Commands – A Complete Guide

A Beginner’s Guide to Explore the Basic OpenSSL Commands

Are you new to OpenSSL and unaware of the basic OpenSSL commands? Don’t worry; we’ve got you covered. This article explores the basic OpenSSL commands commonly used to manage internet servers and perform other activities such as troubleshooting. Before we start with the commands, it helps to know what OpenSSL is and where the OpenSSL command line is used.

OpenSSL is a free and popular cryptography library that provides various tools for SSL-related tasks, such as:

  • Managing certificates
  • Comparing an MD5 hash of the certificate
  • Performing encryption and decryption
  • Converting a certificate into a different format
  • Verifying whether a certificate is properly installed, etc.

Even though this tool can perform various tasks, it is mostly used for creating CSRs and private keys. OpenSSL is an open-source implementation of the SSL protocol that can be used on both Linux and Windows servers, so the same commands work on both platforms. You can download the latest version of OpenSSL from the official website.

Now, coming back to the main topic – OpenSSL commands.

OpenSSL Commands Line

For a better understanding, let’s divide the commands into four categories:

  • Commands that you use for creating CSR, private keys, and other activities
  • Commands that you use to verify the information
  • Commands that you use for troubleshooting
  • Commands that you can use for changing certificates and keys into other formats

Note: We will be referring to Private Key as Secret Key.

Commands that you use for creating CSR, secret keys, and other activities

Case 1: To create a CSR and a secret key, use the following command:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Case 2: To create a self-signed certificate, use the following command:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Case 3: To create a CSR for an existing secret key, use the following command:

openssl req -out CSR.csr -key privateKey.key -new

Case 4: To create a CSR based on an existing certificate, use the following command:

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Case 5: To remove the passphrase from a secret key, use the following command:

openssl rsa -in privateKey.pem -out newPrivateKey.pem

OpenSSL x509 Commands that you use to verify the information

Case 1: To check the information within a CSR, use the following command:

openssl req -text -noout -verify -in CSR.csr

Case 2: To check the information within a secret key, use the following command:

openssl rsa -in privateKey.key -check

Case 3: To check the information within a certificate, use the following command:

openssl x509 -in certificate.crt -text -noout

Case 4: To check the information within a PKCS#12 file, use the following command:

openssl pkcs12 -info -in keyStore.p12

OpenSSL Command to Check Certificate Details for Troubleshooting

Case 1: If you face an issue where:

  • The private key and the certificate do not match, or
  • The installed certificate is not trusted

Verify that the MD5 hash of the modulus is the same for the certificate, the secret key, and the CSR. To do this, run the commands below for the files you have and compare the resulting hashes:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
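
The comparison from Case 1 as a script, added here as an example and not part of the original article. It goes beyond the commands above by hashing the whole public key with SHA-256 instead of the RSA modulus with MD5, so it also works for non-RSA keys; the function names pubkey_hash and check_keypair are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article. pubkey_hash and check_keypair are
# hypothetical helper names; file names follow the article's commands.

# Print the SHA-256 of the DER-encoded public key held in a file.
# $1 = cert | key | csr, $2 = path
pubkey_hash() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    # An empty result must never be hashed: two unreadable files would "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit status: 0 = same key everywhere, 1 = mismatch, 2 = a file is unreadable.
# $1 = certificate, $2 = private key, $3 = CSR (optional)
check_keypair() {
    cert_h=$(pubkey_hash cert "$1") || { echo "cannot read $1" >&2; return 2; }
    key_h=$(pubkey_hash key "$2")   || { echo "cannot read $2" >&2; return 2; }
    if [ "$cert_h" != "$key_h" ]; then
        echo "MISMATCH: $2 is not the key for $1" >&2; return 1
    fi
    if [ -n "${3:-}" ]; then
        csr_h=$(pubkey_hash csr "$3") || { echo "cannot read $3" >&2; return 2; }
        if [ "$cert_h" != "$csr_h" ]; then
            echo "MISMATCH: $3 was not made from the key in $1" >&2; return 1
        fi
    fi
    echo "OK $cert_h"
}

# Run directly: ./check_keypair.sh certificate.crt privateKey.key [CSR.csr]
if [ "$#" -ge 2 ]; then
    check_keypair "$@"
fi
```
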

Case 2: To debug an SSL connection, use the following command:

openssl s_client -connect www.paypal.com:443

Commands that you can use for changing certificates and keys into other formats

Case 1: To convert a .der, .crt, or .cer file to PEM format, use the following command:

openssl x509 -inform der -in certificate.cer -out certificate.pem

Case 2: To convert a PEM file to DER, use the following command:

openssl x509 -outform der -in certificate.pem -out certificate.der

Case 3: To convert a .p12 or .pfx file, including its certificates and private key, to a PEM file, use the following command:

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Case 4: To convert a PEM certificate file and a private key to the .p12 or .pfx format, use the following command:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
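
The conversions above chained into one check, added here as an example and not part of the original article: it converts a certificate PEM to DER and back, and PEM to PKCS#12 and back, then confirms the SHA-256 fingerprint is unchanged after each step. The function names cert_fp and roundtrip_ok, the output file roundtrip.pem, and the environment variable P12_PASS (holding the PKCS#12 password) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. cert_fp and roundtrip_ok are hypothetical
# helper names; P12_PASS is an assumed environment variable (PKCS#12 password).

# Print the SHA-256 fingerprint of a certificate. $1 = file, $2 = PEM | DER
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# $1 = certificate (PEM), $2 = private key (PEM), $3 = scratch directory
# Exit status: 0 = every converted copy is the same certificate,
#              1 = a fingerprint differs, 2 = a conversion failed.
roundtrip_ok() (
    # keyStore.pem will hold the private key unencrypted (-nodes), so make
    # every file created here readable by the owner only.
    umask 077
    orig=$(cert_fp "$1" PEM)
    [ -n "$orig" ] || exit 2
    openssl x509 -outform der -in "$1" -out "$3/certificate.der" || exit 2
    openssl x509 -inform der -in "$3/certificate.der" -out "$3/roundtrip.pem" || exit 2
    # env: keeps the password out of the process list (pass: would expose it).
    openssl pkcs12 -export -out "$3/certificate.pfx" -inkey "$2" -in "$1" \
        -passout env:P12_PASS || exit 2
    openssl pkcs12 -in "$3/certificate.pfx" -out "$3/keyStore.pem" -nodes \
        -passin env:P12_PASS 2>/dev/null || exit 2
    for pair in certificate.der:DER roundtrip.pem:PEM keyStore.pem:PEM; do
        [ "$(cert_fp "$3/${pair%%:*}" "${pair##*:}")" = "$orig" ] || exit 1
    done
    echo "OK $orig"
)
```
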

Conclusion

The article delivers a thorough guide to primary OpenSSL commands classified into four types: creating CSR and secret keys, verifying information, troubleshooting, and changing certificates and keys into other formats. By understanding and using these commands, users can manage their internet servers and troubleshoot any issues.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
