@lemajes
Last active October 26, 2024 23:53
[OPENSSL 101] OPENSSL 101 #openssl #ssl #101 #validity #check

OPENSSL 101

Convert DER to CRT

openssl x509 -inform DER -in certificate.cer > certificate.crt

View certificate details (including the issuing CA)

openssl x509 -text -noout -in mycertificatefile.crt

Check validity of remote certificate

DOM="xxx.xxxxxxx.xxx"; PORT="443"; printf Q | openssl s_client -servername "$DOM" -connect "$DOM:$PORT" | openssl x509 -noout -dates

Generate cert for nginx cert-based authentication (with Android legacy mode for import)

generate rootCA with mkcert

generate user key

openssl genrsa -des3 -out user.key 4096

generate user csr

openssl req -new -key user.key -out user.csr

generate user crt using mkcert CA

openssl x509 -req -days 365 -in user.csr -CA /root/.local/share/mkcert/rootCA.pem -CAkey /root/.local/share/mkcert/rootCA-key.pem -set_serial 01 -out user.crt

convert to pkcs12

openssl pkcs12 -export -out user.pfx -inkey user.key -in user.crt -certfile /root/.local/share/mkcert/rootCA.pem

export to legacy pfx for Android (-nodes writes the private key unencrypted to /tmp/certbag.pem, so delete that file afterwards)

openssl pkcs12 -nodes < your.p12 > /tmp/certbag.pem
openssl pkcs12 -export -legacy -in /tmp/certbag.pem > /tmp/legacy.p12
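
The steps above produce user.crt and user.pfx but never check them. As an added example (not part of the original gist), this script repeats the key, CSR, certificate and PKCS#12 steps non-interactively against a throwaway CA that stands in for mkcert's root, then checks the chain, the key/certificate pairing, the bundle contents and the remaining validity. The function names, subjects and the `demo` password are assumptions.

```shell
#!/bin/sh
# Added example. The CA here is a constructed throwaway root standing in for
# mkcert's rootCA.pem / rootCA-key.pem; subjects and the "demo" password are
# constructed, and the user key is left unencrypted so nothing prompts.
set -e

make_demo_pki() {   # $1 = empty work directory
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo root CA" \
        -keyout "$d/rootCA-key.pem" -out "$d/rootCA.pem" 2>/dev/null
    # Same key -> CSR -> CRT -> PKCS#12 steps as on the page.
    openssl genrsa -out "$d/user.key" 2048 2>/dev/null
    openssl req -new -key "$d/user.key" -subj "/CN=demo user" -out "$d/user.csr"
    openssl x509 -req -days 1 -in "$d/user.csr" -CA "$d/rootCA.pem" \
        -CAkey "$d/rootCA-key.pem" -set_serial 01 -out "$d/user.crt" 2>/dev/null
    openssl pkcs12 -export -out "$d/user.pfx" -inkey "$d/user.key" \
        -in "$d/user.crt" -certfile "$d/rootCA.pem" -passout pass:demo
}

# True when certificate $2 verifies against CA file $1.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# SHA-256 fingerprint of the client certificate inside bundle $1 (password $2).
pfx_cert_fingerprint() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# True when certificate $1 is still valid $2 seconds from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_demo_pki "$WORK"
cert_chains_to "$WORK/rootCA.pem" "$WORK/user.crt" && echo "chain: ok"
key_matches_cert "$WORK/user.key" "$WORK/user.crt" && echo "key/cert: match"
pfx_cert_fingerprint "$WORK/user.pfx" demo
valid_for "$WORK/user.crt" 3600 && echo "valid for at least another hour"
```

The same four checks apply to real files: pass the mkcert rootCA.pem as the CA file and the password chosen at export time.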