The Most Common OpenSSL Commands
OpenSSL Command Cheat Sheet
OpenSSL is an open-source implementation of the SSL/TLS protocols, with versions available for Windows, Linux, and Mac OS X. It is a highly versatile tool used to create CSRs (Certificate Signing Requests) and private keys, compare the MD5 hash of different certificates or private keys, verify installed certificates on any website, and convert certificates into different formats. The most common OpenSSL commands are generating Certificate Signing Requests, verifying that a certificate is properly installed on a website, comparing the MD5 hash of a certificate or private key with other versions, and converting certificates from one format to another.
Common OpenSSL Commands
This post lists some common OpenSSL commands used for different SSL management purposes. OpenSSL provides a wide range of options and parameters for each command, allowing users to manage their SSL infrastructure and resolve problems quickly.
Here’s an introduction to some common OpenSSL commands:
Generate a new private key and Certificate Signing Request
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generate a self-signed certificate using OpenSSL
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Generate a certificate signing request (CSR) for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
Checking Using OpenSSL Commands
Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in CSR.csr
Check a private key
openssl rsa -in privateKey.key -check
Check a certificate
openssl x509 -in certificate.crt -text -noout
Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in keyStore.p12
Debugging Using OpenSSL Commands
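Compare the MD5 hash of the modulus of a certificate, private key and CSR to make sure they match; all three commands must print the same hash. The -modulus option applies to RSA keys.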
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
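The modulus comparison above only applies to RSA keys. The following added example (not from the original page) generalizes it by comparing a SHA-256 hash of the full public key, which also works for EC keys. The function names pubkey_fp, same_keypair and demo and the subject /CN=example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Compares the SHA-256 of the
# DER-encoded public key, so it covers RSA and EC keys alike.

# Print the public-key fingerprint of a certificate, private key or CSR.
pubkey_fp() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable file must fail here, not hash to the digest of empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: same_keypair kind:file [kind:file ...]
# Returns 0 if every file carries the same public key, 1 on mismatch, 2 on error.
same_keypair() {
    ref=
    for arg in "$@"; do
        fp=$(pubkey_fp "${arg%%:*}" "${arg#*:}") || return 2
        : "${ref:=$fp}"
        [ "$fp" = "$ref" ] || return 1
    done
}

# Constructed sample material: throwaway key, cert and CSR plus an unrelated key.
demo() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -sha256 -nodes -days 1 -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$d/privateKey.key" -out "$d/certificate.crt" 2>/dev/null
    openssl req -new -key "$d/privateKey.key" -subj "/CN=example.test" -out "$d/CSR.csr"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/other.key"
    same_keypair "cert:$d/certificate.crt" "key:$d/privateKey.key" "csr:$d/CSR.csr" &&
        echo "match"
    same_keypair "cert:$d/certificate.crt" "key:$d/other.key" || echo "mismatch"
    rm -rf "$d"
}
```

Calling demo prints "match" for the key, certificate and CSR generated together and "mismatch" for the unrelated EC key.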
Verify an SSL connection. All certificates (including Intermediates) must be shown.
openssl s_client -connect www.paypal.com:443
Converting Using OpenSSL Commands
OpenSSL Convert PEM
Convert PEM to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B:
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM & Private Key to PFX/P12:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OpenSSL Convert DER
Convert DER to PEM:
openssl x509 -inform der -in certificate.der -out certificate.pem
OpenSSL Convert P7B
Convert P7B to PEM:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
OpenSSL Convert PFX
Convert PFX to PEM and Private Key
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Remove Private key password
openssl rsa -in file.key -out file2.key
Conclusion on OpenSSL Commands
OpenSSL commands can be used to encrypt data, generate certificates, sign documents, configure TLS/SSL connections and more. They can also be leveraged to assist in achieving regulatory compliance. With its many features and benefits, OpenSSL is an invaluable tool for organizations looking to ensure robust security.