Skip to content

Instantly share code, notes, and snippets.

@kjivan

kjivan/openssl-reference.md

Last active September 22, 2022 06:54
Show Gist options
  • Save kjivan/7cb253cc08687b4daf6d2d66406b572a to your computer and use it in GitHub Desktop.
Save kjivan/7cb253cc08687b4daf6d2d66406b572a to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSL Reference
Raw
openssl-reference.md

OpenSSL Reference

Cert Info

Get Sites SSL Info

echo | openssl s_client -showcerts -connect jivan.cc:443

Get Certificate From Site

echo | openssl s_client -connect HOST:PORT |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt

Inspect Cert

openssl x509 -text -noout -in jivan.crt

Verify Cert Chain

openssl verify UserCert.pem

Verify Custom Cert Chain

openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem

Get website cert's expiration date

echo  | openssl s_client -connect jivan.cc:443 > certexp.crt; openssl x509 -in certexp.crt -noout -enddate

Get subject hash

openssl x509 -subject -subject_hash -noout -in rootca.crt

Get issuer hash

openssl x509 -issuer -issuer_hash -noout -in intermediateca.crt

Source: https://stackoverflow.com/questions/63827480/openssl-error-20-at-0-depth-lookupunable-to-get-local-issuer-certificate

Create Self Signed Cert

Generate RSA Key

generate a private key with the correct length

openssl genrsa -out private-key.pem 3072

generate corresponding public key

openssl rsa -in private-key.pem -pubout -out public-key.pem

optional: create a self-signed certificate

openssl req -new -x509 -key private-key.pem -out cert.pem -days 360

optional: convert pem to pfx

openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment