Here’s a cheat sheet for using OpenSSL, a versatile open-source tool for working with SSL/TLS protocols and certificates:
Generate SSL/TLS Key and Certificate
Generate a Private Key:
openssl genpkey -algorithm RSA -out private_key.pem
Generate a Self-Signed Certificate:
openssl req -x509 -new -key private_key.pem -out certificate.pem -days 365
Certificate Signing Request (CSR)
Generate a CSR:
openssl req -new -key private_key.pem -out csr.pem
Viewing Certificates
View Certificate Information:
openssl x509 -in certificate.pem -noout -text
View CSR Information:
openssl req -in csr.pem -noout -text
Verify Certificates
Verify a Certificate Against CA:
openssl verify -CAfile ca.pem certificate.pem
Convert Certificate Formats
Convert PEM to DER:
openssl x509 -in certificate.pem -outform der -out certificate.der
Convert PEM to PKCS#12 (PFX):
openssl pkcs12 -export -in certificate.pem -inkey private_key.pem -out certificate.pfx
Certificate Chains
Create a Certificate Chain File:
cat certificate.pem intermediate.pem > chain.pem
Key Management
Extract Public Key from Private Key:
openssl pkey -in private_key.pem -pubout -out public_key.pem
Encrypt and Decrypt with RSA (pkeyutl replaces rsautl, which is deprecated since OpenSSL 3.0):
openssl pkeyutl -encrypt -pubin -inkey public_key.pem -in plaintext.txt -out encrypted.txt
openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted.txt -out decrypted.txt
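Before bundling a key and certificate into a PKCS#12 file or installing them on a server, it is worth confirming that the private key, the CSR and the certificate all carry the same public key. The script below is an added example, not part of the original cheat sheet; the function names pubkey_digest and keys_match, the other_key.pem file and the example.test subject are assumptions, and the demo files are constructed in a temporary directory.

```bash
set -eu

# Print the SHA-256 digest of the public key held in a PEM file.
# $1 = kind of file (key | csr | cert), $2 = path
pubkey_digest() {
    case "$1" in
        key)  _pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  _pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) _pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac || return 1   # unreadable or malformed input: emit no digest
    printf '%s\n' "$_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 if both files hold the same public key, 1 if they differ,
# 2 if either file could not be parsed (never treated as a match).
keys_match() {
    _a=$(pubkey_digest "$1" "$2") || return 2
    _b=$(pubkey_digest "$3" "$4") || return 2
    [ "$_a" = "$_b" ]
}

# Constructed demo material: two keys, one CSR and one self-signed certificate.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
openssl genpkey -algorithm RSA -out "$tmp/private_key.pem" 2>/dev/null
openssl genpkey -algorithm RSA -out "$tmp/other_key.pem" 2>/dev/null
openssl req -new -key "$tmp/private_key.pem" -subj "/CN=example.test" -out "$tmp/csr.pem"
openssl req -x509 -new -key "$tmp/private_key.pem" -subj "/CN=example.test" -days 1 -out "$tmp/certificate.pem"

keys_match key "$tmp/private_key.pem" cert "$tmp/certificate.pem" && echo "private_key.pem matches certificate.pem"
keys_match key "$tmp/private_key.pem" csr  "$tmp/csr.pem"         && echo "private_key.pem matches csr.pem"
keys_match key "$tmp/other_key.pem"   cert "$tmp/certificate.pem" || echo "other_key.pem does NOT match certificate.pem"
```

Comparing digests of the extracted public key works for any key type, whereas comparing RSA moduli only works for RSA.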
Generate Strong Random Numbers
Generate Random Hex String:
openssl rand -hex 16
OpenSSL as a Simple Web Server
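Serve a Directory over HTTPS (-WWW serves files relative to the current directory; lowercase -www only returns a TLS status page):
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
openssl s_server -key key.pem -cert cert.pem -accept 44330 -WWW
Access a file from the current directory at https://localhost:44330/<filename>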
Miscellaneous
Check OpenSSL Version:
openssl version
Digest Algorithms:
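- OpenSSL supports various digest algorithms, including MD5, SHA-1, SHA-256, etc. MD5 and SHA-1 are no longer collision-resistant, so prefer SHA-256 or stronger for signatures and certificates.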
This cheat sheet covers some common OpenSSL commands. For more details and advanced usage, refer to the official OpenSSL documentation or use the man command in the terminal (man openssl).