cmd/openssl: Difference between revisions
from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< cmd
another command |
→Links: manpage |
||
| Line 22: | Line 22: | ||
* [http://lists2.ssc.com/pipermail/linux-list/2007-October/029355.html This] also has some useful information about using [[openssl]], and a little bit about the "chaining" concept. | * [http://lists2.ssc.com/pipermail/linux-list/2007-October/029355.html This] also has some useful information about using [[openssl]], and a little bit about the "chaining" concept. | ||
==Links== | ==Links== | ||
* {{l/manpage}} | |||
* [http://www.openssl.org/ openssl.org] | * [http://www.openssl.org/ openssl.org] | ||
** [http://www.openssl.org/docs/apps/s_client.html s_client] | ** [http://www.openssl.org/docs/apps/s_client.html s_client] | ||
* [http://www.madboa.com/geek/openssl/ examples] | * [http://www.madboa.com/geek/openssl/ examples] | ||
Revision as of 22:02, 12 February 2015
<hide> page type::reference thing type::command utility platform::Linux mode::command line interface </hide>
About
openssl is the command-line program for managing SSL data and certificates.
Examples
- To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
- openssl x509 -text -in filename
- To verify how a web server is presenting its certificate over https:
- openssl s_client -connect vbz.net:443
- To generate a new private key:
- openssl genrsa -des3 -out filename.key 4096
- To remove the pass phrase from a private key:
- openssl rsa -in oldfile.key -out newfile.key
- There is slightly more explanation here.
- openssl rsa -in oldfile.key -out newfile.key
Notes
- openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
- This also has some useful information about using openssl, and a little bit about the "chaining" concept.
