Basic OpenSSL Commands – A Complete Guide

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
OpenSSL Commands Line

A Beginner’s Guide to Explore the Basic OpenSSL Commands

Are you new to OpenSSL and unaware of the basic OpenSSL commands? Don’t worry; we got you covered. This article will explore basic OpenSSL commands commonly used to manage internet servers and perform various other activities, such as troubleshooting. But, before we start with the commands, it will be best to get some idea about – What is OpenSSL and where to use OpenSSL command line?

OpenSSL is a free and popular cryptography library that provides various tools for SSL-related tasks, such as:

  • Managing certificates
  • Comparing an MD5 hash of the certificate
  • Performing encryption and decryption
  • Converting a certificate into a different format
  • Verifying that the certificate is properly installed or not, etc.

Even though this tool can perform various tasks, it is majorly used in creating CSR and private keys. OpenSSL is an open-source implementation of the SSL protocol that can be used on both Linux and Windows servers. This simply means that the same commands can be used on both platforms, whether it’s a Windows platform or a Linux platform. You can download the latest version of OpenSSL from their official website.

Now, coming back to the main topic – OpenSSL commands.

OpenSSL Commands Line

For a better understanding, let’s divide the commands on the basis of four categories, such as:

  • Commands that you use for creating CSR, private keys, and other activities.
  • Commands that you use to verify the information
  • Commands that you use for troubleshooting
  • Commands that you can use for changing certificates and keys into other formats

Note: We will be referring to Private Key as Secret Key.

Commands that you use for creating CSR, secret keys, and other activities

Case 1: For creating a CSR and a secret key, use the following command given below:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Case 2: For creating a self-signed certificate, use the following command given below:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Case 3: For creating a CSR for a current secret key, use the following command given below:

openssl req -out CSR.csr -key privateKey.key -new

Case 4: For creating a CSR based on a current certificate, use the following command given below:

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Case 5: For vacating a passphrase from a secret key, use the following command given below:

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Commands that you use to verify the information

Case 1: For creating a CSR and a secret key, use the following command given below:

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Case 2: For creating a self-signed certificate, use the following command given below:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Case 3: For creating a CSR for a current secret key, use the following command given below:

openssl req -out CSR.csr -key privateKey.key -new

Case 4: For creating a CSR based on a current certificate, use the following command given below:

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Case 5: For vacating a passphrase from a secret key, use the following command given below:

openssl rsa -in privateKey.pem -out newPrivateKey.pem

OpenSSL x509 Commands that you use to verify the information

Case 1: For checking the information within a CSR, use the following command given below:

openssl req -text -noout -verify -in CSR.csr

Case 2: For checking the information within a secret key, use the following command given below:

openssl rsa -in privateKey.key -check

Case 3: For checking the information within a certificate, use the following command given below:

openssl x509 -in certificate.crt -text -noout

Case 4: For checking the information within a PKCS#12 file, use the following command given below:

openssl pkcs12 -info -in keyStore.p12

OpenSSL Command to Check Certificate Details for Troubleshooting

Case 1: If you face an issue where:

  • Private key and certificate are not the same, or
  • The installed certificate is not trusted

Verify that does MD5 hash of the private key is similar to the CSR or secret key, and to do this, use any one of the commands:

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
 openssl req -noout -modulus -in CSR.csr | openssl md5

Case 2: For debugging an SSL connection, use the following command given below:

openssl s_client -connect www.paypal.com:443

Commands that you can use for changing certificates and keys into other formats

Case 1: For changing either one of these – .der, .crt, and .cer, files to PEM format, use the following command given below:

openssl x509 -inform der -in certificate.cer -out certificate.pem

Case 2: For changing PEM to DER file, use the following command given below:

openssl x509 -outform der -in certificate.pem -out certificate.der

Case 3: For changing the format of a file with .p12 or .pfx extension and incorporating certificate files and private key to the file with PEM extension, use the following command given below:

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Case 4: For changing the certificate file having .PEM extension and private key to the .p12 or .pfx format, use the following command given below:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Conclusion

The article delivers a thorough guide to primary OpenSSL commands classified into four types: creating CSR and secret keys, verifying information, troubleshooting, and changing certificates and keys into other formats. By understanding and using these commands, users can manage their internet servers and troubleshoot any issues.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.

Cheap Wildcard SSL