Difference between revisions of "cmd/openssl"
< cmd
Jump to navigation
Jump to search
(→Links: manpage) |
(improved formatting, and another command) |
||
| Line 10: | Line 10: | ||
==Examples== | ==Examples== | ||
* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca: | * To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca: | ||
| − | *: '''openssl x509 -text -in | + | *: '''<code>openssl x509 -text -in {{arg|filename}}</code>''' |
* To verify how a web server is presenting its certificate over https: | * To verify how a web server is presenting its certificate over https: | ||
| − | *: '''openssl s_client -connect | + | *: '''<code>openssl s_client -connect {{arg|domain}}:443</code>''' |
| + | ** To get the expiration date: | ||
| + | **: '''<code>echo | openssl s_client -connect {{arg|domain}}:443 2>/dev/null | openssl x509 -noout -dates</code>''' | ||
* To generate a new private key: | * To generate a new private key: | ||
| − | *: '''openssl genrsa -des3 -out | + | *: '''<code>openssl genrsa -des3 -out {{arg|filename.key}} 4096</code>''' |
* To remove the pass phrase from a private key: | * To remove the pass phrase from a private key: | ||
| − | *: '''openssl rsa -in | + | *: '''<code>openssl rsa -in {{arg|oldfile.key}} -out {{arg|newfile.key}}</code>''' |
*:: There is slightly more explanation [http://faq.andrew.net.au/cache/74.html here]. | *:: There is slightly more explanation [http://faq.andrew.net.au/cache/74.html here]. | ||
==Notes== | ==Notes== | ||
Revision as of 15:41, 25 August 2018
About
openssl is the command-line program for managing SSL data and certificates.
Examples
- To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
openssl x509 -text -in <filename>
- To verify how a web server is presenting its certificate over https:
openssl s_client -connect <domain>:443
- To get the expiration date:
echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates
- To generate a new private key:
openssl genrsa -des3 -out <filename.key> 4096
- To remove the pass phrase from a private key:
openssl rsa -in <oldfile.key> -out <newfile.key>- There is slightly more explanation here.
Notes
- openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
- This also has some useful information about using openssl, and a little bit about the "chaining" concept.