Home » SSL Certificate » The Most Common OpenSSL Commands

The Most Common OpenSSL Commands

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
OpenSSL Commands

OpenSSL Command Cheat Sheet

OpenSSL is an “Open-Source” based implementation of the SSL protocol, with versions available for Windows, Linux, and Mac OS X. It is a highly versatile tool used to create CSRs (Certificate Signing Requests) and Private Keys as well as compare an MD5 hash of different certificates or private keys; verify installed certificates on any website; and convert certificates into different formats. The most common OpenSSL commands are generating Certificate Signing Requests, verifying that a certificate is properly installed on a website, comparing the MD5 hash of a certificate or private key with other versions, and converting certificates from one format to another.

See Also: The Most Common Java Keytool Keystore Commands

Common OpenSSL Commands

In this blog, we have mentioned some common OpenSSL commands used for different SSL management purpose. OpenSSL provides a wide range of options & parameters for each command, allowing users to manage their SSL infrastructure & fix their queries in no-time.

Here’s an introduction to some common OpenSSL commands:

Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

Generate a self-signed certificate using OpenSSL

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Generate a certificate signing request (CSR) for an existing private key

openssl req -out CSR.csr -key privateKey.key -new

Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL Commands

Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

Check a private key

openssl rsa -in privateKey.key -check

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 file (.pfx or .p12)

openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL Commands

Verify an MD5 hash of the public key to make sure it matches with CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5

openssl rsa -noout -modulus -in privateKey.key | openssl md5

openssl req -noout -modulus -in CSR.csr | openssl md5

Verify an SSL connection. All certificates (including Intermediates) must be shown.

openssl s_client -connect www.paypal.com:443

Converting Using OpenSSL Commands

OpenSSL Convert PEM

Convert PEM to DER:

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B:

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM & Private Key to PFX/P12:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

OpenSSL Convert DER

Convert DER to PEM:

openssl x509 -inform der -in certificate.der -out certificate.pem

OpenSSL Convert P7B

Convert P7B to PEM:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

OpenSSL Convert PFX

Convert PFX to PEM and Private Key

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Remove Private key password

openssl rsa -in file.key -out file2.key

Conclusion on OpenSSL Commands

OpenSSL commands can be used to encrypt data, generate certificates, sign documents, configure TLS/ SSL connections & more. It can be leveraged to assist in achieving regulatory compliance. With its many features and benefits, OpenSSL is an invaluable tool for organizations looking to ensure robust security.

Recent Posts

Explore More Topic