Saturday, February 20, 2021

[SSL][PKI][OpenSSL] OpenSSL Cheatsheet

Reference: https://cheatography.com/albertx/cheat-sheets/openssl/


Installation:

# apt-get update

# apt-get install openssl


Generating a key pair:

The following example generates a 4096-bit RSA private key and writes it to a key file:

# openssl genrsa -out ./private-key.key 4096

Or generate a passphrase-protected private key (encrypted with AES-256):

# openssl genrsa -aes256 -out ./private-key.key 4096

The public key can be derived from the private key as shown below (-RSAPublicKey_out writes the PKCS#1 RSAPublicKey format):

# openssl rsa -in ./private-key.key -RSAPublicKey_out -out ./public-key.key


Adding/removing passphrase protection on a private key:

Passphrase protection can be added as follows:

# openssl rsa -aes256 -in ./private-key.key -out ./private-key.encrypted.key

Passphrase protection can be removed as shown below:

# openssl rsa -in ./private-key.encrypted.key -out ./private-key.key


Creating a Certificate Signing Request (CSR):

Create a CSR from an existing private key:

# openssl req -new -key ./private-key.key -out ./request.csr

Read the CSR file:

# openssl req -text -noout -in ./request.csr

Read the public key from the CSR file:

# openssl req -pubkey -noout -in ./request.csr


Signing a certificate from a Certificate Signing Request (CSR):

# openssl ca -in ./request.csr -out ./certificate.crt -config ./CA/config/openssl.cnf

Read the information in the certificate:

# openssl x509 -text -noout -in ./certificate.crt

Extract the public key from the certificate:

# openssl x509 -pubkey -noout -in ./cert.crt


Generating a key pair and a self-signed certificate in one step (-nodes leaves the private key unencrypted):

# openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/certs/key.pem -x509 -days 365 -out /etc/ssl/certs/certificate.pem

Or:

# openssl req -newkey rsa:2048 -nodes -keyout ./private-key.key -x509 -days 365 -out ./cert.crt


Identifying keys and certificates:

Use the MD5 hash function to fingerprint every file in the current directory:

# openssl dgst -md5 ./* 2>/dev/null
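A whole-file digest only shows that two files are byte-identical; it does not show that a key, a CSR and a certificate belong together. The following added example (not part of the original post) compares the public key carried by each file instead. The function names pubkey_fp, same_keypair and make_samples, the sample file names and CN=example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): match key, CSR and certificate
# by the SHA-256 digest of the public key each one carries.

# pubkey_fp TYPE FILE -> prints the digest; TYPE is key, csr or cert.
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -pubkey -noout 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable file must fail here, not hash as empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_keypair KEY CSR CERT -> 0 if all three share one public key,
# 1 on mismatch, 2 if any file could not be parsed.
same_keypair() {
    k=$(pubkey_fp key  "$1") || return 2
    r=$(pubkey_fp csr  "$2") || return 2
    c=$(pubkey_fp cert "$3") || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample material: two keys, a CSR and two self-signed
# certificates (CN=example.test is a placeholder).
make_samples() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
    openssl req -new -key "$1/a.key" -subj "/CN=example.test" -out "$1/a.csr"
    openssl req -new -x509 -days 1 -key "$1/a.key" -subj "/CN=example.test" -out "$1/a.crt"
    openssl req -new -x509 -days 1 -key "$1/b.key" -subj "/CN=example.test" -out "$1/b.crt"
}

d=$(mktemp -d) && make_samples "$d"
same_keypair "$d/a.key" "$d/a.csr" "$d/a.crt" && echo "a.key, a.csr, a.crt: same key pair"
same_keypair "$d/a.key" "$d/a.csr" "$d/b.crt" || echo "b.crt: different key"
rm -rf "$d"
```

A passphrase-protected key makes openssl prompt for the passphrase when pubkey_fp reads it.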


Combining the private key and certificate into a PKCS #12 file:

# openssl pkcs12 -export -out ./cert_key.p12 -inkey ./private-key.key -in ./certificate.crt

