cmd/openssl: Difference between revisions
from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< cmd
mNo edit summary |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 7: | Line 7: | ||
</hide> | </hide> | ||
==About== | ==About== | ||
{{l/cmd|openssl}} is the command-line program for managing [[Secure Sockets Layer|SSL]] data and certificates. | |||
==Examples== | ==Examples== | ||
* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca: | * To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca: | ||
Latest revision as of 01:27, 26 November 2022
<hide> page type::reference thing type::command utility platform::Linux mode::command line interface </hide>
About
openssl is the command-line program for managing SSL data and certificates.
Examples
- To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
openssl x509 -text -in <filename>
- To verify how a web server is presenting its certificate over https:
openssl s_client -connect <domain>:443
- To get the expiration date:
echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates
- To generate a new private key:
openssl genrsa -des3 -out <filename.key> 4096
- To remove the pass phrase from a private key:
openssl rsa -in <oldfile.key> -out <newfile.key>- There is slightly more explanation here.
Notes
- openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
- This also has some useful information about using openssl, and a little bit about the "chaining" concept.
