See cert info

openssl x509 -in cert.crt -text -noout

Basic use to create self-signed certificate

# Generate SSL private key self signed certificate for 10 years
openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -out cert.crt -days 3650 -nodes

Create request to sign in some trusted CA

openssl req -out server.csr -new -sha256 -newkey rsa:4096 -nodes -keyout server.key
cat server.csr

than submit CSR to CA

Create request if key already exist

openssl req -new -key server.key -out server.csr

non-interactive mode example

openssl req -new -key server.key -out server.csr -subj "/C=UA/ST=Kyiv/L=Kyiv/O=Company Name/OU=Department name/CN=example.com" -passin pass:password -passout pass:password


Check request

openssl req -text -noout -verify -in server.csr


Check and use certificate

# see the certificate
openssl x509 -in cert.crt -text -noout

# combine certificate and key in pem keypair file
cat server.key server.crt > keypair.pem


Check SSL connection

openssl s_client -connect server.example.com:443

Convert password protected p12 to pem

openssl pkcs12 -in key-with-password.p12 -passin pass:password -out key-with-password.pem


Remove password from PEM private ssl key

openssl rsa -in key-with-password.pem -out key.pem
  • No labels

Site may be often unavailable due to Russian invasion, but you can Help Ukraine