The table below contains common commands for using OpenSSL:
Task | Command |
View and validation | |
Validate .key file | openssl rsa -check -in file.key |
View .crt entries | openssl x509 -text -noout -in file.crt |
View .csr entries | openssl req -text -noout -verify -in file.csr |
Extract .crt from .pfx | openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt] |
Step-by-Step certificate creation | |
Create new Private key | openssl genrsa -des3 -out domain.key 2048 |
Create new csr (Interactive) | openssl req -new -key domain.key -out domain.csr |
Create new csr (Non-Interactive) includes Subject Alternative Name | openssl req -new -key domain.key -subj '/C=IL/ST=Israel/L=Herzlia/O=Company/OU=Group/CN=<FQDN>/emailAddress=<yourEmail>' -addext 'subjectAltName=DNS:<name1>,DNS:<name2> …' -out domain.csr
Keep the -subj value without spaces between its fields! The SAN goes in -addext (OpenSSL 1.1.1 or later); a subjectAltName entry inside -subj does not create a SAN extension. |
Generate Self-Signed Certificate | openssl x509 -req -days 3650 -in domain.csr -signkey domain.key -out domain.crt |
Quick self-signed certificate creation | |
Generate Self-Signed Certificate – one command | openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt |
Creating additional PFX file | |
Generate new pfx | openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:"something" -certfile ca.crt -out rui.pfx |
OpenSSL General Commands | |
Show OpenSSL software version | openssl version |
Connect to server as a client and print public certificate data | echo | openssl s_client -connect [ip:port] [-ssl3] |
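
The step-by-step creation rows above, run end to end as an added example (not part of the original table): it creates a key, a CSR with a SAN and a self-signed certificate, then checks that the SAN reached the certificate and that key and certificate match. The host names, the `san.ext` and `nosan.crt` file names and the helper function names are constructed for illustration; `-addext` assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: key -> CSR with SAN -> self-signed certificate, then verify.
# Host names and file names are constructed placeholders.

# make_cert DIR CN SAN1 SAN2: writes domain.key, domain.csr, domain.crt and
# nosan.crt (signed without -extfile, for comparison) into DIR.
make_cert() {
    dir=$1; cn=$2; san="subjectAltName=DNS:$3,DNS:$4"
    # No passphrase so the example runs unattended; the table's -des3 prompts for one.
    openssl genrsa -out "$dir/domain.key" 2048 2>/dev/null || return 1
    # -addext puts a real SAN extension into the request (OpenSSL 1.1.1+).
    openssl req -new -key "$dir/domain.key" -addext "$san" -out "$dir/domain.csr" \
        -subj "/C=IL/ST=Israel/L=Herzlia/O=Company/OU=Group/CN=$cn" || return 1
    # x509 -req does not copy extensions from the CSR by default, so the SAN
    # has to be supplied again through -extfile.
    printf '%s\n' "$san" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/domain.csr" -signkey "$dir/domain.key" \
        -extfile "$dir/san.ext" -out "$dir/domain.crt" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/domain.csr" -signkey "$dir/domain.key" \
        -out "$dir/nosan.crt" 2>/dev/null || return 1
}

# has_san FILE KIND NAME: succeeds if NAME is a DNS SAN in FILE.
# KIND is "req" for a CSR or "x509" for a certificate.
has_san() {
    openssl "$2" -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | grep -qF "DNS:$3"
}

# key_matches_cert KEY CRT: succeeds if CRT carries the public half of KEY.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

work=$(mktemp -d)
make_cert "$work" www.example.test www.example.test example.test
for crt in domain.crt nosan.crt; do
    if has_san "$work/$crt" x509 example.test; then
        echo "$crt: SAN present"
    else
        echo "$crt: SAN missing"
    fi
done
rm -rf "$work"
```

The certificate signed without `-extfile` loses the SAN even though the CSR carries it, which is why the check is run against the certificate and not only the request.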