Important Openssl Commands : How to
- How to find OpenSSL version
openssl version -a
- How to Create new Private Key and Certificate Signing Request
openssl req -out javaperformance.csr -newkey rsa:2048 -nodes -keyout cgibell.key
- How to create a Self-Signed Certificate
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout javaperformanceselfsigned.key -out javaperformancecert.pem
- How to verify CSR file
openssl req -noout -text -in javaperformance.csr
- How to create RSA Private Key
openssl genrsa -out private.key 2048
- How to remove Passphrase(password) from Key
openssl rsa -in javaperformance.key -out nopassphrase.key
- How to verify Private Key
openssl rsa -in certkey.key –check
- How to verify the Certificate Signer Authority
openssl x509 -in certfile.pem -noout -issuer -issuer_hash
- How to Check Hash Value of A Certificate
openssl x509 -noout -hash -in javaperformance.pem
- How to Convert DER to PEM format
openssl x509 –inform der –in sslcert.der –out sslcert.pem
- How to Convert PEM to DER format
openssl x509 –outform der –in sslcert.pem –out sslcert.der
- How to Convert Certificate and Private Key to PKCS#12 format
openssl pkcs12 –export –out sslcert.pfx –inkey key.pem –in sslcert.pem
- How to Create CSR using an existing private key
openssl req –out certificate.csr –key existing.key –new
- How to Check contents of PKCS12 format cert – PKCS12 is binary format so you won’t be able to view the content in notepad or another editor.
openssl pkcs12 –info –nodes –in cert.p12
- How to Convert PKCS12 format to PEM certificate
openssl pkcs12 –in cert.p12 –out cert.pem
- How to Test SSL certificate of particular URL
openssl s_client -connect javaperformance.co.in:443 –showcerts
- How to check PEM File Certificate Expiration Date
openssl x509 -noout -in certificate.pem -dates
- How to check Certificate Expiration Date of SSL URL
openssl s_client -connect javaperformance.co.in:443 2>/dev/null | openssl x509 -noout –enddate
Eg:
openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout –enddate