Skip to content

Instantly share code, notes, and snippets.

@ajai8085
Forked from codingoutloud/make-keys.bat
Created November 22, 2016 23:55
Show Gist options
  • Save ajai8085/ff38d1d014767230920c7242a7788661 to your computer and use it in GitHub Desktop.
Save ajai8085/ff38d1d014767230920c7242a7788661 to your computer and use it in GitHub Desktop.
Handy OpenSSL command-line combinations I've used - they might've been hard to find or come up with, so capturing them here.
@echo off
if _%1_==__ goto USAGE
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/CN=My Cert Name"
openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem -passout pass:%1
openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer
openssl pkcs12 -in mycert.pfx -nodes -passin pass:%1 | openssl x509 -noout -fingerprint
openssl x509 -in mycert.pem -noout -fingerprint
openssl x509 -in mycert.pem -noout -subject
openssl x509 -in mycert.pem -noout -text | grep "RSA Public Key"
goto END
:USAGE
echo %0 password-for-private-key
:END
## create certificates with same key set in PKCS #12 (.pfx), X.509 (.pem), and CER (.cer) formats.
## PKCS #12 (.pfx) and X.509 (.pem) certificates will have private keys.
## show thumbprints and subjects.
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/CN=My Cert Name"
openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem
openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer
# show thumbprint (perhaps to match it with Windows Azure portal)
openssl x509 -in mycert.pem -noout -fingerprint
# credit: http://stackoverflow.com/a/15520543/306430
openssl pkcs12 -in mycert.pfx -nodes | openssl x509 -noout -fingerprint
# show CN Subject (perhaps to match it with NAME displayed in Windows Azure Portal)
openssl x509 -in mycert.pem -noout -subject
# show key length (1024, 2048, etc.) (perhaps to make sure it is strong, but not too strong - 1024 good?)
openssl x509 -in mycert.pem -noout -text | grep "RSA Public Key"
## create Windows Azure Management Certificate
# - create pem file for use on Mac or Linux
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem
# - same as above, but also assign the Subject Name, which is used as cert name in Windows Azure Portal
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -subj "/O=My Cert Name"
# - same as above, except set Common Name rather than Organization
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.key -out mycert.pem -subj "/CN=My Cert Name"
# - same as above, but BOTH -keyout and -out are directed at same file
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem -subj "/O=My Cert Name"
# - derive cer file for upload to Windows Azure
openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer
## credit: http://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl
# PEM => PFX
openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem
# PFX => PEM (keep cert chain)
openssl pkcs12 -in file.pfx -out file.pem -nodes
## SSL
pkcs12 -in client_ssl.pfx -out client_ssl.pem -clcerts
pkcs12 -in client_ssl.pfx -out root.pem -cacerts
# - or - (via Tim L - save private key to text file with .key extension)
openssl pkcs12 –export –in foo.crt –inkey foo.key –out foo.pfx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment