Most common openssl commands

This post is a collection of most common and helpful openssl commands which we need to use to deal with tasks like generating keys, CSRs, certificates.

# Verify or check content

Verify a certificate file

openssl x509 -in thecodersstop.pem -text -noout

Verify a CSR request

openssl req -text -noout -verify -in thecodersstop.csr

Verify a private key file

openssl rsa -in thecodersstop-key.key -check

Check contents of PKCS12 format cert (.pfx or p12)

openssl pkcs12 -info -nodes -in thecodersstop.pfx

Verify a certificate against a CA certificate

openssl verify -CAfile ca.pem thecodersstop.pem

# Create using openssl

Create a Self-Signed Certificate

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout thecodersstop-key.key -out thecodersstop.pem

Create private key and CSR (certificate signing request)

openssl req -out thecodersstop.csr -newkey rsa:2048 -nodes -keyout thecodersstop-key.key

Create RSA private key

openssl genrsa -out thecodersstop-key.key 2048

Generate a CSR using an existing private key

openssl req -out thecodersstop.csr -key thecodersstop-key.key -new

Create unecrypted key from a password protected private key

openssl rsa -in thecodersstop-key.key -out thecodersstop-key-unencrypted.pem -passin pass:1234

Remove passphrase from a private key

openssl rsa -in thecodersstop-key.key -out thecodersstop-key-new.key

# Convert using openssl

Convert pem certificate and private Key to PKCS#12 format (.pfx or p12)

openssl pkcs12 -export -out thecodersstop.pfx -inkey thecodersstop-key.key -in thecodersstop.pem

Convert PEM certificate to DER format

openssl x509 -outform der -in thecodersstop.pem -out thecodersstop.der

Please like and share if you found this post useful. If you need help with a command which is not there in the list, please let us know, we will help you and add it here also.

Any suggestions and feedback are welcome, please comment so that we can consider your valuable feedback. Thanks for reading!

Leave a Reply

%d bloggers like this: