Last active
December 30, 2019 22:58
-
-
Save gargolito/8989807ed20272e9bbb720675338dae4 to your computer and use it in GitHub Desktop.
ssl stuff #openssl #linux
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| convert cert downloaded from digicert to base64 | |
| openssl x509 -inform DER -in DigiCertSHA2SecureServerCA.crt -out DigiCertSHA2SecureServerCA.cer | |
| Verify CA against SSL | |
| openssl verify -verbose -CAfile DigiCertSHA2SecureServerCA.cer server.pem | |
| Check that key matches cert, md5 output should be excatly the same if good. | |
| openssl x509 -noout -modulus -in certificate.crt | openssl md5 | |
| openssl rsa -noout -modulus -in privateKey.key | openssl md5 | |
| if they don't match, and you think they should | |
| openssl pkey -in privateKey.key -pubout -outform pem | sha256sum | |
| openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum | |
| Remove password from key file | |
| openssl rsa -in futurestudio_with_pass.key -out futurestudio.key | |
| Convert p7b to pem | |
| openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem | |
| More info | |
| https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs | |
| https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html | |
| Check a Certificate Signing Request (CSR) | |
| openssl req -text -noout -verify -in CSR.csr | |
| Check a private key | |
| openssl rsa -in privateKey.key -check | |
| Check a certificate | |
| openssl x509 -in certificate.crt -text -noout | |
| Check a PKCS#12 file (.pfx or .p12) | |
| openssl pkcs12 -info -in keyStore.p12 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment