from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to: navigation, search


openssl is the command-line program for managing SSL data and certificates.


  • To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
    openssl x509 -text -in filename
  • To verify how a web server is presenting its certificate over https:
    openssl s_client -connect
  • To generate a new private key:
    openssl genrsa -des3 -out filename.key 4096
  • To remove the pass phrase from a private key:
    openssl rsa -in oldfile.key -out newfile.key
    There is slightly more explanation here.


  • openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
  • This also has some useful information about using openssl, and a little bit about the "chaining" concept.