Basic OpenSSL Commands to Generate Key Pair and Verify Certificate Details

Common OpenSSL Commands

Are you new to OpenSSL and unaware of the basic OpenSSL commands? Don’t worry; we’ve got you covered. This article will explore basic OpenSSL commands commonly used to manage internet servers and perform various other activities, such as troubleshooting.

But, before we start with the commands, it will be best to get some idea about what OpenSSL is and where to use the OpenSSL command line.

What is OpenSSL?

OpenSSL is a free and popular cryptography library that provides various tools for SSL-related tasks, such as:

  • Managing certificates
  • Comparing an MD5 hash of the certificate
  • Performing encryption and decryption
  • Converting a certificate into a different format
  • Verifying whether the certificate is installed correctly, etc.

Even though this tool can perform various tasks, it is mainly used to create CSRs and private keys. OpenSSL is an open-source implementation of the SSL protocol that can be used on both Linux and Windows servers.

This means the same commands can be used on both platforms, whether Windows or Linux. You can download the latest version of OpenSSL from their official website.

Now, coming back to the main topic – OpenSSL commands.

OpenSSL Command Line

For a better understanding, let’s divide the commands into four categories:

  • Commands that you use to create CSRs, private keys, and other activities
  • Commands that you use to verify the information
  • Commands that you use for troubleshooting
  • Commands that you use for changing certificates and keys into other formats

Note: We will be referring to the Private Key as Secret Key.

Commands to Create CSR, Secret Keys, and Other Activities

To create a CSR and a new secret key, use the following command. The -nodes option writes the key without passphrase encryption, so restrict access to privateKey.key:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

To create a self-signed certificate, use the following command:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

To create a CSR for an existing secret key, use the following command:

openssl req -out CSR.csr -key privateKey.key -new

To create a CSR based on an existing certificate, use the following command:

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

To remove a passphrase from a secret key, use the following command:

openssl rsa -in privateKey.pem -out newPrivateKey.pem

OpenSSL x509 Commands to Verify the Information

To check the information within a CSR, use the following command:

openssl req -text -noout -verify -in CSR.csr

To check the information within a secret key, use the following command:

openssl rsa -in privateKey.key -check

To check the information within a certificate, use the following command:

openssl x509 -in certificate.crt -text -noout

To check the information within a PKCS#12 file, use the following command:

openssl pkcs12 -info -in keyStore.p12

OpenSSL Command to Check Certificate Details for Troubleshooting

If you face an issue where:

  • The private key and certificate do not match, or
  • The installed certificate is not trusted

Verify that the MD5 hash of the modulus in the certificate is identical to that of the secret key and the CSR. To do this, run the following commands and compare their output:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
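
The comparison above as a reusable check, given here as an added example rather than code from the original article; it uses SHA-256 in place of MD5, since the digest only serves as a fingerprint of the modulus. The function names, otherKey.key and the /CN=example.test subject are constructed for the demonstration, and the sample files are generated in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original article): check that a certificate,
# a private key and a CSR all carry the same RSA modulus.
set -eu

# Print a digest of the RSA modulus in a cert (x509), key (rsa) or CSR (req).
# Fails if the file cannot be parsed, so three unreadable files never "match".
modulus_digest() {  # $1 = x509 | rsa | req   $2 = file
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl dgst -sha256
}

# Exit status: 0 = all three match, 1 = mismatch, 2 = a file could not be read.
same_keypair() {  # $1 = certificate  $2 = private key  $3 = CSR
    c=$(modulus_digest x509 "$1") || return 2
    k=$(modulus_digest rsa "$2") || return 2
    r=$(modulus_digest req "$3") || return 2
    [ "$c" = "$k" ] && [ "$k" = "$r" ]
}

# Constructed sample data: one key with its CSR and self-signed certificate,
# plus an unrelated key (otherKey.key) that must be reported as a mismatch.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cd "$work"
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key \
    -subj "/CN=example.test" 2>/dev/null
openssl req -x509 -sha256 -new -days 365 -key privateKey.key \
    -out certificate.crt -subj "/CN=example.test" 2>/dev/null
openssl genrsa -out otherKey.key 2048 2>/dev/null

check() {  # print a verdict without tripping set -e on a mismatch
    if same_keypair "$@"; then
        echo "match: $2"
    else
        echo "MISMATCH or unreadable: $2"
    fi
}
check certificate.crt privateKey.key CSR.csr
check certificate.crt otherKey.key CSR.csr
```

A status of 2 separates "file could not be parsed" from a real mismatch, which matters when a DER file or the wrong file type is passed by mistake.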

To debug an SSL connection, use the following command:

openssl s_client -connect www.paypal.com:443

Commands for Changing Certificates and Keys into Other Formats

To convert a DER-encoded .der, .crt, or .cer file to PEM format, use the following command:

openssl x509 -inform der -in certificate.cer -out certificate.pem

To convert a PEM file to DER format, use the following command:

openssl x509 -outform der -in certificate.pem -out certificate.der

To convert a .p12 or .pfx file containing the certificates and private key to a PEM file, use the following command. Because of -nodes, the private key written to keyStore.pem is not encrypted:

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

To convert a PEM certificate file and private key to the .p12 or .pfx format, use the following command:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Conclusion

The article delivers a thorough guide to primary OpenSSL commands classified into four types: creating CSR and secret keys, verifying information, troubleshooting, and changing certificates and keys into other formats.

By understanding and using these commands, users can manage their internet servers and troubleshoot any issues.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast with 7+ years of experience and knowledge about Encryption, Digital Certificates and Online Security. She helps online users stay safe and protect their online presence. Explore SSL Errors, Installation Guide and Security Tutorials for Safe Browsing and Web Security Experience.