openssl

Description

Command

change key password

openssl rsa -in oldkey.pem -out newkey.pem -des3

remove a passphrase from a key

openssl rsa -in key.pem -out newkey.pem

print certificate details

openssl x509 -in cert.cert -noout -text

print contents of the private key

openssl rsa -noout -text -in cert.key

print contents of request

openssl req -noout -text -in new

print certificate details of root CA

openssl x509 -inform der -in PCA3ss_v4.509 -noout -text

print specific fields, such as the issuer

openssl x509 -in newcert.pem -noout -issuer

the subject name hash

openssl x509 -in newcert.pem -noout -hash

email address

openssl x509 -in newcert.pem -noout -email

certificate expiry date

openssl x509 -in newcert.pem -noout -enddate

verify certificate

openssl verify -CAfile /ccs/export/ftp/pub/unix/network/WWW/openssl-0.9.6/certs/thawteCb.pem imap.uwo.ca.cert

To check that the public key in your cert matches the public portion of your private key, print the modulus of the cert and of the key and compare the two values (the MD5 digests below must be identical)

openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
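
The same check generalized, as an added example that is not part of the original page: it compares a SHA-256 digest of the whole public key instead of an MD5 of the RSA modulus, so it also works for EC keys. The function names and the throwaway `example.test` pair are assumptions made for this example.

```shell
#!/bin/sh
# Added example: does the public key in a certificate match a private key?

# SHA-256 of the PEM-encoded public key (SubjectPublicKeyInfo) read on stdin.
fp() { openssl dgst -sha256 -r | cut -d' ' -f1; }

# Fingerprint of the public key embedded in certificate $1.
cert_pubkey_fp() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | fp
}

# Fingerprint of the public key derived from private key $1 (RSA, EC, ...).
key_pubkey_fp() {
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | fp
}

# cert_matches_key CERT KEY
# Exit status: 0 = match, 1 = mismatch, 2 = a file is missing or unparsable.
cert_matches_key() {
    c=$(cert_pubkey_fp "$1") || return 2
    k=$(key_pubkey_fp "$2") || return 2
    [ "$c" = "$k" ]
}

# Constructed sample input (hypothetical helper): a throwaway self-signed
# certificate and unencrypted key written to PREFIX.crt and PREFIX.key.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Stand-alone use: sh check.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "match"
    else
        echo "mismatch or unreadable input"
    fi
fi
```

A passphrase-protected key makes `openssl pkey` prompt for the passphrase, just as the `openssl rsa` command above does.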

create key and request with no passphrase
(-days is the number of days a certificate generated by -x509 is valid for; 1825 days is 5 years)

openssl req -new -nodes -days 1825 -out im.uwo.ca.csr -keyout im.uwo.ca.key

good openssl reference

http://www.madboa.com/geek/openssl

pkcs7 issue

http://hummy.wikidot.com/verisign-pkcs7-certificates

extract a certificate out of a PKCS7 certificate supplied by Thawte

openssl pkcs7 -in www.uwo.ca.pk -out www.uwo.ca.out -print_certs

Take the certificate and key in PEM format and, using openssl, create a PKCS12 file:

openssl pkcs12 \
  -export -in [my_certificate.crt] \
  -inkey [my_key.key] \
  -out [keystore.p12] \
  -name [new_alias] \
  -CAfile [my_ca_bundle.crt] \
  -caname root
