OpenSSL

From Notes

Jump to: navigation, search

Create CA Certificate Hash 

ln -s <cacert>.pem $(openssl x509 -noout -hash -in <cacert>.pem).0

Remember to include the trailing .0.

Generate a CSR - Certificate Signing Request 

primary ssl # openssl req -newkey rsa:1024 -keyout testkey.pem -keyform PEM -out testreq.pem -outform PEM

The private key is testkey.pem, while the request is testreq.pem.

One inconvenience to this is that you will have to enter the password manually each time you start your server. This could create problems if your server reboots during the night and you dont have remote access. One way to get around this is to decrypt your private key -- if you know that you stand a good chance of your private key remaining secure, this is very convenient.

Decrypt a private RSA key 

openssl rsa -in <private key>.pem -out <private key w/o passwd>.pem

Verify a CSR 

openssl req -noout -text -in <cert>

Test an SSL/TLS connection or retrieve a certificate 

openssl s_client -connect <host>:<port>

'Generate a Linux-style password Hash' 

openssl passwd -1

'Generate a UNIX-style password Hash' 

openssl passwd

Create your own Certification Authority

itsecureadmin.com root CA Certificate

Retrieved from "http://itsecureadmin.com/wiki/index.php/OpenSSL"
Personal tools