Skip to content

Instantly share code, notes, and snippets.

@jrobinsonc

jrobinsonc/OpenSSL.md

Last active November 3, 2018 03:14
Show Gist options
  • Save jrobinsonc/023cb4a6b470ce4fbe97754e990f384c to your computer and use it in GitHub Desktop.
Save jrobinsonc/023cb4a6b470ce4fbe97754e990f384c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
OpenSSL.md

OpenSSL

Verify Certificate Signing Request (.CSR) Contents:

openssl req -noout -text -in test.com.csr

Generate CSR

openssl req -new -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr

Check a certificate and return information about it (Signing authority, expiration date, etc.).

openssl x509 -in domain.com.crt -text -noout

Check a key. Check the SSL key and verify the consistency.

openssl rsa -in domain.com.key -check

Check a CSR
Verify the CSR and print CSR data filled in when generating the CSR.

openssl req -text -noout -verify -in /etc/pki/tls/private/www.domain.com.csr

Verify a certificate and key matches
The following two commands will print out md5 sums of the certificate and key. These sums can be compared to verify that the certificate and key match.

openssl x509 -noout -modulus -in /etc/pki/tls/certs/2020/last/www.domain.com.crt | openssl md5
openssl rsa -noout -modulus -in /etc/pki/tls/private/www.domain.com.key | openssl md5sordid eerily tract status zone

Generate CSR

openssl req -new -key /etc/pki/tls/private/www.domain.com.key -out /etc/pki/tls/private/www.domain.com.csr

Don't remember for what is this

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in www.domain.com.key | openssl md5
openssl req -noout -modulus -in www.domain.com.csr | openssl md5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment