Openssl

here is a list of often needed openssl commands to work with ssl keys:

  • Create new private key + CSR:
openssl req -new -newkey rsa:2048 -nodes 
  -keyout common_name.key -out common_name.csr
  • Create CSR from existing private key:
openssl req -new -key common_name.key -out common_name.csr
  • Check CSR:
openssl req -text -noout -verify -in common_name.csr
  • Check private key:
openssl rsa -in common_name.key -check
  • Check certificate:
openssl x509 -in common_name.crt -text -noout
  • Remove password from key:
openssl rsa -in common_name.key.bak -out common_name.key
  • Self-sign a CSR
openssl x509 -req -days 365 -in common_name.csr 
  -signkey common_name.key -out common_name.crt
  • Check host certificate:
openssl s_client -connect HOST:PORT

Leave a Reply