openssl
Source: https://gitlab.com/dpremy/dot-misc/-/blob/master/cheatsheets/openssl_cheatsheet.md
Converting
# Convert a PKCS#12 file (.pfx .p12) containing a private key and cert. to PEM
# add -nocerts to output only the private key
# add -nokeys to output only the cert.
# NOTE: -nodes means "no DES", i.e. the private key is written to keyStore.pem
# unencrypted. Restrict the file's permissions (e.g. run under `umask 077`) or
# drop -nodes so openssl prompts for a passphrase to protect the output key.
# OpenSSL 3.0 deprecates -nodes in favour of the equivalent -noenc.
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
# Convert a PEM and private key to PKCS#12 (.pfx .p12)
# -certfile adds further certificates (typically the CA chain) to the bundle.
# openssl prompts for an export password; it is the only protection for the
# private key inside cert.pfx, so an empty password leaves the key exposed.
openssl pkcs12 -export -out cert.pfx -inkey private.key -in cert.crt -certfile ca.crt
# Convert DER file (.crt .cer .der) to PEM
# Only the encoding changes; the certificate contents and signature are untouched.
openssl x509 -inform der -in cert.cer -out cert.pem
# Convert PEM to DER
openssl x509 -outform der -in cert.pem -out cert.der
Misc
# Generate a new CSR with private key
# NOTE: -nodes writes private.key without a passphrase; keep the file readable
# only by its owner. rsa:2048 is generally treated as the minimum RSA size;
# pick a larger size if the certificate must stay in use for many years.
openssl req -out csr.csr -new -newkey rsa:2048 -nodes -keyout private.key
# Generate a CSR for an existing private key
openssl req -out csr.csr -key private.key -new
# Generate a CSR based on an existing certificate
# The subject and public key are taken from cert.crt; private.key must be the
# matching key, because it is used to sign the new request.
openssl x509 -x509toreq -in cert.crt -out csr.csr -signkey private.key
# Generate a self-signed certificate
# NOTE: the key is written unencrypted (-nodes) and the command sets no
# subjectAltName, which most current TLS clients require for hostname checks;
# OpenSSL 1.1.1+ can add one with -addext "subjectAltName=DNS:<hostname>".
# A self-signed certificate is only trusted by clients that explicitly trust or pin it.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt
# Remove a passphrase from a private key
# NOTE: newprivate.pem holds the key in cleartext because no cipher option is
# given for the output; protect it with file permissions and limit where it is copied.
openssl rsa -in private.pem -out newprivate.pem
# Check a server's certificate
# `echo "" |` feeds s_client an empty stdin so it exits after the handshake
# instead of waiting for input.
# NOTE: by default s_client completes the handshake even when chain validation
# fails, so read the "Verify return code" line in the output (or add
# -verify_return_error to abort on failure). Use -servername <hostname> to set
# SNI explicitly when the server hosts several names.
echo "" | openssl s_client -connect www.server.com:443
# -showcerts prints the whole chain the server sent, but the x509 command after
# the pipe decodes only the first certificate in that output (the leaf).
echo "" | openssl s_client -showcerts -connect www.server.com:443 | openssl x509 -text -noout
Checking and Verifying
# Verify a CSR
# -verify checks the request's self-signature, i.e. that the requester holds the
# private key for the embedded public key; it says nothing about who the requester is.
openssl req -text -noout -verify -in csr.csr
# Check a private key
# -check tests the internal consistency of the RSA key.
# NOTE: without -noout this command also prints the private key to stdout, so
# add -noout when the terminal or its output is logged or shared.
openssl rsa -in private.key -check
# Output a cert. in text
openssl x509 -in cert.crt -text -noout
# Show a PKCS#12 file (.pfx or .p12) info
# NOTE: besides the structure info, this outputs the contained certificates and
# the private key (openssl prompts for a passphrase to encrypt that key output).
# Add -nokeys to leave the key out, or -noout to print the info only.
openssl pkcs12 -info -in cert.p12