Certificate template

Certificates Cheat Sheet

The table below contains common commands for using OpenSSL:

Command Details
View and validation
Validate .key file openssl rsa –check –in file.key
View .crt entires openssl x509 –text –noout –in file.crt
view .csr entries openssl req –text –noout –verify –in file.csr
Extract .crt from .pfx openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
Step-by-Step certificate creation
Create new Private key openssl genrsa -des3 -out domain.key 2048
Create new csr (Interactive) openssl req –new –key domain.key –out domain.csr
Create new csr (Non-Interactive) includes Subject Alternative Name openssl req –new –key domain.key –subj ‘/C=IL /ST=Israel /L=Herzlia /O=Company /OU=Group /CN=<FQDN> /emailAddress=<yourEmail> /subjectAltName=DNS.1=<name1>,DNS.2=<name2> …’ –out domain.csr

Keep the options without spaces!

Generate Self-Signed Certificate openssl x509 –req –days 3650 –in domain.csr –signkey domain.key –out domain.crt
Quick self-signed certificate creation
Generate Self-Signed Certificate – one command Openssl req –newkey rsa:2048 –nodes –keyout domain.key –x509 –days 365 –out domain.crt
Creating additional PFX file
Generate new pfx openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:”something” –cafile ca.crt -out rui.pfx
OpenSSL General Commands
Openssl version Show openssl software version
echo | openssl s_client –connect [ip:port] [-ssl3] Connect to server as a client and print public certificate data


Leave a Reply

Your email address will not be published. Required fields are marked *