OpenSSL is an open source project consisting of a cryptographic library and an SSL/TLS protocol toolkit. It is widely used in server-side and client tools. Its command line is also commonly used for key and certificate management.

Below are some of the most commonly used commands:

Check openssl version

Use the command 'openssl version -a'

$ openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Thu Nov  6 13:16:51 CST 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic

Examining OpenSSL certificates and keys

Use -text to print the certificate content, and -noout to suppress printing of the encoded certificate itself

openssl x509 -text -in fd.crt -noout
openssl x509 -text -in hostcert.pem -noout

A similar command prints the key content. Use pkey rather than x509 here, because x509 only reads certificates and fails on a key file

openssl pkey -text -in userkey.pem

Convert certificate and key format

Keys and certificates can be stored in a variety of formats, so you will often need to convert a key or certificate from one format to another

To convert a certificate from PEM to PKCS#12

openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out mycert.p12 -name '<email address>'

To convert PKCS#12 to PEM

openssl pkcs12 -in <filename>.p12 -nokeys -clcerts -out usercert.pem 
openssl pkcs12 -in <filename>.p12 -nocerts -out userkey.pem

Then chmod the .pem files to read-only.

To convert PEM to DER

openssl x509 -inform PEM -in fd.pem -outform DER -out fd.der

To convert DER to PEM

openssl x509 -inform DER -in fd.der -outform PEM -out fd.pem
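
The script below is an added example, not part of the original page. It round-trips a throwaway certificate and key through the conversions above and checks that the certificate fingerprint is unchanged and that the extracted key still matches the certificate. The file names, subject, friendly name and password are constructed for the example, and -passout, -passin and -nodes are used so that it runs without prompts.

```shell
#!/bin/sh
# Added example: round-trip a throwaway certificate and key through the
# PEM <-> PKCS#12 and PEM <-> DER conversions and confirm nothing changed.
# File names, subject, friendly name and password are constructed test values.

fp()          { openssl x509 -in "$1" -noout -fingerprint -sha256; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }
pub_of_key()  { openssl pkey -in "$1" -pubout; }

roundtrip_check() {
    work=$(mktemp -d) || return 1
    pass='example-only-pass'

    # Throwaway self-signed certificate with an unencrypted key (test data only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=roundtrip.example' \
        -keyout "$work/userkey.pem" -out "$work/usercert.pem" 2>/dev/null || return 1

    # PEM -> PKCS#12, then back to separate PEM files.
    openssl pkcs12 -export -in "$work/usercert.pem" -inkey "$work/userkey.pem" \
        -out "$work/mycert.p12" -name 'roundtrip example' \
        -passout "pass:$pass" || return 1
    openssl pkcs12 -in "$work/mycert.p12" -nokeys -clcerts \
        -passin "pass:$pass" -out "$work/cert2.pem" 2>/dev/null || return 1
    openssl pkcs12 -in "$work/mycert.p12" -nocerts -nodes \
        -passin "pass:$pass" -out "$work/key2.pem" 2>/dev/null || return 1
    chmod 400 "$work/cert2.pem" "$work/key2.pem"   # read-only for the owner

    # PEM -> DER -> PEM.
    openssl x509 -inform PEM -in "$work/usercert.pem" -outform DER \
        -out "$work/cert.der" || return 1
    openssl x509 -inform DER -in "$work/cert.der" -outform PEM \
        -out "$work/cert3.pem" || return 1

    rc=0
    # The certificate must keep the same SHA-256 fingerprint after each round trip...
    [ "$(fp "$work/usercert.pem")" = "$(fp "$work/cert2.pem")" ] || rc=1
    [ "$(fp "$work/usercert.pem")" = "$(fp "$work/cert3.pem")" ] || rc=1
    # ...and the extracted key must still belong to the extracted certificate.
    [ "$(pub_of_cert "$work/cert2.pem")" = "$(pub_of_key "$work/key2.pem")" ] || rc=1

    rm -rf "$work"
    return "$rc"
}

roundtrip_check && echo "round trip OK"
```

The same fingerprint and public-key comparisons work on real files after a conversion, which catches a .p12 that was exported with the wrong key or a truncated DER file.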

The most common formats are

Binary certificate(DER)
ASCII certificate(PEM)
PKCS certificate
Binary key(DER)
PKCS key

