Difference between revisions of "cmd/openssl"

Revision as of 01:43, 12 April 2012

openssl is the command-line program for managing SSL data and certificates.

To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
openssl x509 -text -in filename
To verify how a web server is presenting its certificate over https:
openssl s_client -connect vbz.net:443
To generate a new private key:
openssl genrsa -des3 -out filename.key 4096
To remove the pass phrase from a private key:
openssl rsa -in oldfile.key -out newfile.key
There is slightly more explanation here.

openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
This also has some useful information about using openssl, and a little bit about the "chaining" concept.

@@ Line 9: / Line 9: @@
 [[openssl]] is the command-line program for managing [[Secure Sockets Layer|SSL]] data and certificates.
 ==Examples==
+* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca:
+*: '''openssl x509 -text -in <u>filename</u>'''
 * To verify how a web server is presenting its certificate over https:
 *: '''openssl s_client -connect vbz.net:443'''
 * To generate a new private key:
-*: '''openssl genrsa -des3 -out <u>filename</u>.key 4096'''
+*: '''openssl genrsa -des3 -out <u>filename.key</u> 4096'''
 * To remove the pass phrase from a private key:
 *: '''openssl rsa -in <u>oldfile.key</u> -out <u>newfile.key</u>'''