Cheat Sheet #day5 - OpenSSL Commands

OpenSSL Cheat Sheet

OpenSSL is a powerful tool for managing SSL/TLS certificates and encryption. Below is a comprehensive cheat sheet covering common OpenSSL commands for various tasks such as generating keys, creating certificate signing requests (CSRs), and managing certificates.

General Information

  • Version: Check OpenSSL version
    openssl version
    

Key Generation

  • Generate an RSA Private Key:
    openssl genpkey -algorithm RSA -out private.key
    
  • Generate a Private Key with a Specific Size (e.g., 2048 bits):
    openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
    
  • Generate a Password-Protected Private Key:
    openssl genpkey -algorithm RSA -aes256 -out private.key
    

Certificate Signing Request (CSR)

  • Generate a CSR:
    openssl req -new -key private.key -out request.csr
    
  • Generate a CSR with a Specific Configuration File:
    openssl req -new -key private.key -out request.csr -config openssl.cnf
    

Self-Signed Certificate

  • Generate a Self-Signed Certificate:
    openssl req -x509 -days 365 -key private.key -in request.csr -out certificate.crt
    
  • Generate a Self-Signed Certificate Without a CSR:
    openssl req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -days 365
    

Viewing and Verifying Certificates

  • View Certificate Details:
    openssl x509 -in certificate.crt -text -noout
    
  • Verify a Certificate and Key Match (RSA keys; the two digests must be identical):
    openssl x509 -noout -modulus -in certificate.crt | openssl md5
    openssl rsa -noout -modulus -in private.key | openssl md5
    
  • Verify a CSR:
    openssl req -text -noout -verify -in request.csr
    

Converting Certificate Formats

  • Convert PEM to DER:
    openssl x509 -outform der -in certificate.crt -out certificate.der
    
  • Convert DER to PEM:
    openssl x509 -inform der -in certificate.der -out certificate.crt
    
  • Convert PEM to PKCS12:
    openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
    

Managing Existing Certificates

  • Extract Public Key from a Certificate:
    openssl x509 -pubkey -noout -in certificate.crt > public.key
    
  • Extract Public Key from a Private Key:
    openssl rsa -pubout -in private.key -out public.key
    
  • Check a Private Key:
    openssl rsa -check -in private.key
    

Encrypting and Decrypting Data

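  • Encrypt a File Using a Public Key (the file must be smaller than the RSA key size; rsautl is deprecated since OpenSSL 3.0 in favor of pkeyutl):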
    openssl rsautl -encrypt -inkey public.key -pubin -in plaintext.txt -out encrypted.txt
    
  • Decrypt a File Using a Private Key:
    openssl rsautl -decrypt -inkey private.key -in encrypted.txt -out decrypted.txt
    

Digital Signatures

  • Sign a File:
    openssl dgst -sha256 -sign private.key -out signature.bin data.txt
    
  • Verify a Signature:
    openssl dgst -sha256 -verify public.key -signature signature.bin data.txt
    

Creating Certificate Authority (CA)

  • Create a Self-Signed Root CA Certificate:
    openssl req -x509 -new -nodes -key ca.key -sha256 -days 1024 -out ca.crt
    
  • Sign a Certificate with a CA:
    openssl x509 -req -in request.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out signed_certificate.crt -days 500 -sha256
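
The key generation, CSR, CA signing and verification steps above, chained into one run, as an added example that is not part of the original cheat sheet. It goes beyond the modulus check by comparing full public keys, which also works for EC keys. Assumptions: OpenSSL 1.1.1 or later; the pki.cnf file, the subject names and the server.example.test SAN are constructed for illustration.

```shell
# Added example, not from the original cheat sheet. File names, subject names
# and the SAN are constructed for illustration.

# Succeeds when certificate and private key carry the same public key. Comparing
# the whole public key also covers EC keys, which have no RSA modulus.
cert_key_match() {  # usage: cert_key_match cert.pem key.pem
  c=$(openssl x509 -in "$1" -pubkey -noout) || return 2
  k=$(openssl pkey -in "$2" -pubout) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Builds a throwaway CA and one CA-signed server certificate in DIR.
# "x509 -req" does not copy extensions from the CSR by default, so the SAN and
# key usage for the server certificate come from the -extfile section v3_leaf.
make_demo_pki() {  # usage: make_demo_pki DIR
  d=$1
  mkdir -p "$d" || return 1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/ca.key" &&
  openssl req -x509 -new -key "$d/ca.key" -sha256 -days 30 \
    -config "$d/pki.cnf" -extensions v3_ca -out "$d/ca.crt" &&
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$d/server.key" &&
  openssl req -new -key "$d/server.key" -config "$d/pki.cnf" \
    -subj "/CN=server.example.test" -out "$d/server.csr" &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -sha256 \
    -extfile "$d/pki.cnf" -extensions v3_leaf -out "$d/server.crt"
}

# Chain verification, key/certificate match, and presence of the SAN.
verify_leaf() {  # usage: verify_leaf DIR
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null &&
  cert_key_match "$1/server.crt" "$1/server.key" &&
  openssl x509 -in "$1/server.crt" -noout -text | grep -q 'DNS:server.example.test'
}
```

After sourcing the functions, run make_demo_pki ./demo-pki && verify_leaf ./demo-pki; a zero exit status means the chain, the key match and the SAN all check out.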
    

Summary

This cheat sheet provides a quick reference to common OpenSSL commands for managing SSL/TLS certificates and encryption. Whether you are generating keys, creating CSRs, or converting certificate formats, these commands will help streamline your workflow. For more detailed information, always refer to the OpenSSL documentation.
