Basic use to create self-signed certificate
| Code Block |
|---|
# Generate SSL privvate key self signed certificate for 10 years openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -out cert.crt -days 3650 -nodes |
Create request to sign in some trusted CA
| Code Block |
|---|
openssl req -out server.csr -new -sha256 -newkey rsa:4096 -nodes -keyout server.key cat server.csr |
than submit CSR to CA
Create request if key already exist
| Code Block |
|---|
openssl req -new -key server.key -out server.csr |
Check request
| Code Block |
|---|
openssl req -text -noout -verify -in server.csr |
Check and use certificate
| Code Block |
|---|
# see the certificate openssl x509 -in cert.crt -text -noout # combine certificate and key in pem keypair file cat server.key -out server.crt > keypair.pem |
Check SSL connection
| Code Block |
|---|
openssl s_client -connect server.example.com:443 |
Convert password protected p12 to pem
| Code Block |
|---|
openssl pkcs12 -in key-with-password.p12 -passin pass:password -out key-with-password.pem |
Remove password from PEM private ssl key
| Code Block |
|---|
openssl rsa -in key-with-password.pem -out key.pem |