Difference between revisions of "cmd/openssl"

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< cmd
Jump to navigation Jump to search
 
m
 
(7 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
</hide>
 
</hide>
 
==About==
 
==About==
[[openssl]] is the command-line program for managing [[Secure Sockets Layer|SSL]] data and certificates.
+
{{l/cmd|openssl}} is the command-line program for managing [[Secure Sockets Layer|SSL]] data and certificates.
==Example==
+
==Examples==
* openssl s_client -connect vbz.net:443
+
* To check that a certificate file is valid, and see what it says (does ''not'' work with key files) - typical file extensions are .crt, .ca:
 +
*: '''<code>openssl x509 -text -in {{arg|filename}}</code>'''
 +
* To verify how a web server is presenting its certificate over https:
 +
*: '''<code>openssl s_client -connect {{arg|domain}}:443</code>'''
 +
** To get the expiration date:
 +
**: '''<code>echo | openssl s_client -connect {{arg|domain}}:443 2>/dev/null | openssl x509 -noout -dates</code>'''
 +
* To generate a new private key:
 +
*: '''<code>openssl genrsa -des3 -out {{arg|filename.key}} 4096</code>'''
 +
* To remove the pass phrase from a private key:
 +
*: '''<code>openssl rsa -in {{arg|oldfile.key}} -out {{arg|newfile.key}}</code>'''
 +
*:: There is slightly more explanation [http://faq.andrew.net.au/cache/74.html here].
 
==Notes==
 
==Notes==
 
* [[/verify|openssl verify]] [http://www.mkssoftware.com/docs/man1/openssl_verify.1.asp] seems to be the tool of choice for checking certificate files stored locally.
 
* [[/verify|openssl verify]] [http://www.mkssoftware.com/docs/man1/openssl_verify.1.asp] seems to be the tool of choice for checking certificate files stored locally.
 
* [http://lists2.ssc.com/pipermail/linux-list/2007-October/029355.html This] also has some useful information about using [[openssl]], and a little bit about the "chaining" concept.
 
* [http://lists2.ssc.com/pipermail/linux-list/2007-October/029355.html This] also has some useful information about using [[openssl]], and a little bit about the "chaining" concept.
 
==Links==
 
==Links==
 +
* {{l/manpage}}
 +
** [https://www.openssl.org/docs/manmaster/man5/config.html openssl.cnf]
 
* [http://www.openssl.org/ openssl.org]
 
* [http://www.openssl.org/ openssl.org]
 
** [http://www.openssl.org/docs/apps/s_client.html s_client]
 
** [http://www.openssl.org/docs/apps/s_client.html s_client]
 +
* [http://www.madboa.com/geek/openssl/ examples]
 +
* [https://help.ubuntu.com/community/OpenSSL Ubuntu documentation: OpenSSL]

Latest revision as of 01:27, 26 November 2022

About

openssl is the command-line program for managing SSL data and certificates.

Examples

  • To check that a certificate file is valid, and see what it says (does not work with key files) - typical file extensions are .crt, .ca:
    openssl x509 -text -in <filename>
  • To verify how a web server is presenting its certificate over https:
    openssl s_client -connect <domain>:443
    • To get the expiration date:
      echo | openssl s_client -connect <domain>:443 2>/dev/null | openssl x509 -noout -dates
  • To generate a new private key:
    openssl genrsa -des3 -out <filename.key> 4096
  • To remove the pass phrase from a private key:
    openssl rsa -in <oldfile.key> -out <newfile.key>
    There is slightly more explanation here.

Notes

  • openssl verify [1] seems to be the tool of choice for checking certificate files stored locally.
  • This also has some useful information about using openssl, and a little bit about the "chaining" concept.

Links