cmd/openssl: Difference between revisions

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< cmd
← Older editNewer edit →
Woozle (talk | contribs)
Bureaucrats, Interface administrators, interwiki, Administrators, trusted
20,099 edits
VisualWikitext
Links: manpage
improved formatting, and another command
Line 10: Line 10:
==Examples==
==Examples==
* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca:
* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca:
*: '''openssl x509 -text -in <u>filename</u>'''
*: '''<code>openssl x509 -text -in {{arg|filename}}</code>'''
* To verify how a web server is presenting its certificate over https:
* To verify how a web server is presenting its certificate over https:
*: '''openssl s_client -connect vbz.net:443'''
*: '''<code>openssl s_client -connect {{arg|domain}}:443</code>'''
** To get the expiration date:
**: '''<code>echo | openssl s_client -connect {{arg|domain}}:443 2>/dev/null | openssl x509 -noout -dates</code>'''
* To generate a new private key:
* To generate a new private key:
*: '''openssl genrsa -des3 -out <u>filename.key</u> 4096'''
*: '''<code>openssl genrsa -des3 -out {{arg|filename.key}} 4096</code>'''
* To remove the pass phrase from a private key:
* To remove the pass phrase from a private key:
*: '''openssl rsa -in <u>oldfile.key</u> -out <u>newfile.key</u>'''
*: '''<code>openssl rsa -in {{arg|oldfile.key}} -out {{arg|newfile.key}}</code>'''
*:: There is slightly more explanation [http://faq.andrew.net.au/cache/74.html here].
*:: There is slightly more explanation [http://faq.andrew.net.au/cache/74.html here].
==Notes==
==Notes==

Revision as of 15:41, 25 August 2018

<hide> page type::reference thing type::command utility platform::Linux mode::command line interface </hide>

About

openssl is the command-line program for managing SSL data and certificates.

Examples

  • To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
    openssl x509 -text -in <filename>
  • To verify how a web server is presenting its certificate over https:
    openssl s_client -connect <domain>:443
    • To get the expiration date:
      echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates
  • To generate a new private key:
    openssl genrsa -des3 -out <filename.key> 4096
  • To remove the pass phrase from a private key:
    openssl rsa -in <oldfile.key> -out <newfile.key>
    There is slightly more explanation here.

Notes

  • openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
  • This also has some useful information about using openssl, and a little bit about the "chaining" concept.
Retrieved from "https://htyp.org/mw/index.php?title=cmd/openssl&oldid=24113"