Skip to content

Instantly share code, notes, and snippets.

@gmassawe

gmassawe/openssl_cheat_sheet.md

Last active December 15, 2024 17:50
Show Gist options
  • Save gmassawe/e18514878a5d660009a82474dafa9c49 to your computer and use it in GitHub Desktop.
Save gmassawe/e18514878a5d660009a82474dafa9c49 to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSL Cheat Sheet
Raw
openssl_cheat_sheet.md

OpenSSL Cheat Sheet (Updated for Latest Standards)

Listing Available Ciphers

To list all available ciphers with their details:

openssl ciphers -v

To list unique cipher algorithms:

openssl list -cipher-algorithms

Key and Certificate Conversion Commands

Convert DER to PEM for RSA Key

openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem

Remove Passphrase from RSA Private Key

openssl rsa -in privatekey.pem -out privatekey_nopass.pem

Convert PEM to DER for RSA Key

openssl rsa -inform PEM -outform DER -in privatekey.pem -out privatekey.der

Convert DER to PEM for X.509 Certificate

openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem

Convert PEM to DER for X.509 Certificate

openssl x509 -inform PEM -outform DER -in certificate.pem -out certificate.der

Remove Passphrase from X.509 Certificate

X.509 certificates typically don't have passphrases. If you need to convert formats:

openssl x509 -in certificate.pem -out certificate.crt

PKCS Conversions

Convert PEM to PKCS#7 (P7B) Format

openssl crl2pkcs7 -nocrl -certfile certificate.pem -out certificate.p7b

Convert PKCS#7 (P7B) to PEM Format

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

Convert PKCS#7 (P7B) to PKCS#12 (PFX) Format

  1. Extract the certificates: 
    openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
  2. Combine with the private key to create a PFX file: 
    openssl pkcs12 -export -in certificate.pem -inkey privatekey.key -out certificate.pfx -certfile CACert.pem

Convert PKCS#12 (PFX) to PEM Format

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

Convert PEM to PKCS#12 (PFX) Format

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile CACert.crt

Generating Private Keys and CSRs

Generate a 2048-bit RSA Private Key

openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:2048

Generate an Elliptic Curve Private Key (using prime256v1 curve)

openssl ecparam -name prime256v1 -genkey -noout -out eckey.pem

Generate a Certificate Signing Request (CSR) with SHA-256

openssl req -new -key privatekey.pem -out request.csr -sha256

Viewing and Verifying Files

View Certificate Details

openssl x509 -in certificate.pem -text -noout

Verify a Private Key Matches a Certificate

openssl x509 -noout -modulus -in certificate.pem | openssl md5
openssl rsa -noout -modulus -in privatekey.pem | openssl md5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment