Most Common OpenSSL Commands

April 21, 2011 Author: Admin
No comment yet
Email, RSS Follow

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

### Generate a new private key and Certificate Signing Request ###

* Create Key

openssl  genrsa  -des3  -out  www.adminlgos.info.key  2048

* Create CSR

openssl req -new -key www.adminlogs.info.key -out www.adminlogs.info.csr

Or you can execute the above two commands in a single line as follows

openssl req -out www.adminlogs.csr -new -newkey  rsa:2048  -nodes -keyout  www.adminlogs.key

While creating CSR , you need to fill the following things

Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name. Please note:

  1. The Country is a two-digit code — for the United States, it’s ‘US’.
  2. State and Locality are full names, i.e. ‘California’, ‘Los Angeles’.
  3. The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
  4. The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.
  5. The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.

If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: *.adminlogs.info). The wildcard character (*) will be able to assume any name that does not have a “dot” character in it.

Once your CSR is created, you will be able to simply copy and paste the csr and contact your ssl provider for the CRT.

*  Generate a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout www.adminlogs.key  -out www.adminlogs.crt

*  Generate a certificate signing request (CSR) for an existing private key

openssl req -out www.adminlogs.csr -key www.adminlogs.key -new

*  Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in www.adminlogs.crt -out www.adminlogs.csr -signkey www.adminlogs.key

*  Remove a passphrase from a private key

openssl rsa -in www.adminlogs.pem -out adminlogs.pem

###  Verify the key and cert Using OpenSSL command  ###

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

* Verify a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in www.adminlogs.csr

* Verify a private key

openssl rsa -in www.adminlogs.key -check

* Verify a certificate

openssl x509 -in www.adminlogs.crt -text -noout

Also if you are facing any issues with SSL installation, then ensure the MODULUS and PUBLIC EXPONENT fields match for the public and private key.

openssl x509 -noout -text -in  [path of certificate]

openssl rsa -noout -text -in   [path of private key]

No related posts.

Posted in :  Apache , Security
Tags :  , , , , , , , , , , , ,

URL for this post : http://adminlogs.info/2011/04/21/most-common-openssl-commands/