Difference between revisions of "cmd/openssl"
< cmd
Jump to navigation
Jump to search
(improved formatting, and another command) |
(→Links) |
||
| Line 25: | Line 25: | ||
==Links== | ==Links== | ||
* {{l/manpage}} | * {{l/manpage}} | ||
| + | ** [https://www.openssl.org/docs/manmaster/man5/config.html openssl.cnf] | ||
* [http://www.openssl.org/ openssl.org] | * [http://www.openssl.org/ openssl.org] | ||
** [http://www.openssl.org/docs/apps/s_client.html s_client] | ** [http://www.openssl.org/docs/apps/s_client.html s_client] | ||
* [http://www.madboa.com/geek/openssl/ examples] | * [http://www.madboa.com/geek/openssl/ examples] | ||
Revision as of 14:44, 5 December 2020
About
openssl is the command-line program for managing SSL data and certificates.
Examples
- To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
openssl x509 -text -in <filename>
- To verify how a web server is presenting its certificate over https:
openssl s_client -connect <domain>:443
- To get the expiration date:
echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates
- To generate a new private key:
openssl genrsa -des3 -out <filename.key> 4096
- To remove the pass phrase from a private key:
openssl rsa -in <oldfile.key> -out <newfile.key>- There is slightly more explanation here.
Notes
- openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
- This also has some useful information about using openssl, and a little bit about the "chaining" concept.