Below is a short compilation of commonly used openssl commands (a kind of cookbook), helpful for sysadmins who regularly have to deal with OpenSSL certificates.
Let's say you have to generate a new certificate / key and PEM files, prepare self-signed certificates, show CSR / PEM or KEY SSL file contents, get information about a certificate such as its expiry date or the type of encryption algorithm, sign a certificate with a self-signed authority, convert PEM to PKCS12, convert from PKCS12 file format to .PEM, convert Java X509 to Java key store SSL encryption, or convert a Java key store format certificate to PKCS12; then the commands below will be of use to you.
1. Generate Private RSA Key with 2048 bits
# openssl genrsa -out $(hostname -f).key 2048
2. Create CSR file
# openssl req -new -key $(hostname -f).key -out $(hostname -f).csr
3. Create a Self Certified Certificate:
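# openssl x509 -req -days 30 -in $(hostname -f).csr -signkey $(hostname -f).key -out $(hostname -f).crt
Enter password (openssl rsa asks for the passphrase of key.pem if it is encrypted; with no cipher option, newkey.pem is written without passphrase protection):
# openssl rsa -in key.pem -out newkey.pem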
4. Show CSR file content
# openssl req -in newcsr.csr -noout -text
5. Get certificate version / serial number / signature algorithm / RSA key length / modulus / exponent etc.
# openssl x509 -in newcert.pem -noout -text
6. Sign a server certificate as a self-signed CA
# openssl ca -in newcert.csr -notext -out newcert.pem
7. Generate a certificate signing request based on an existing certificate
# openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
8. Convert .pem / .key / .crt file format to pkcs12 format
# openssl pkcs12 -export -in newcert.pem -inkey newkey.key -certfile ca.crt -out newcert.p12
9. Convert pkcs12 pfx to common .pem
# openssl pkcs12 -in mycert.pfx -out mycert.pem
10. Convert DER format to PEM
# openssl x509 -inform der -in certificate.cer -out certificate.crt
11. Convert a PKCS#7 certificate into PEM format
# openssl pkcs7 -in cert.p7c -inform DER -outform PEM -out certificate.p7b
# openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
12. Convert X509 to java keystore file
# java -cp not-yet-commons-ssl-0.3.11.jar org.apache.commons.ssl.KeyStoreBuilder pass_for_new_keystore key.key certificate.crt
13. Convert java keystore file to pkcs12
# keytool -importkeystore -srckeystore keystore.jks -destkeystore intermediate.p12 -deststoretype PKCS12
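Added example (not part of the original article): a shell script that runs steps 1 to 3 non-interactively, then checks that the key, CSR and certificate carry the same public key and that the certificate is not about to expire. The function names, the host.example.test name and the use of -subj to skip the interactive prompts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names and sample values are constructed for illustration.

# make_selfsigned DIR NAME DAYS: steps 1-3, with -subj (assumption) replacing
# the interactive prompts and umask 077 keeping the private key owner-only.
make_selfsigned() {
    (umask 077; openssl genrsa -out "$1/$2.key" 2048) 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
    openssl x509 -req -days "$3" -in "$1/$2.csr" -signkey "$1/$2.key" \
        -out "$1/$2.crt" 2>/dev/null
}

# pubkey_digest KIND FILE: print the SHA-256 of the public key in FILE.
# Fails when FILE cannot be parsed, so two unreadable files never "match".
pubkey_digest() {
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 1 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_triplet DIR NAME SECONDS
# 0 = same public key everywhere and certificate valid for more than SECONDS
# 1 = mismatch or unreadable file, 2 = certificate expires within SECONDS
check_triplet() {
    k=$(pubkey_digest key "$1/$2.key") || return 1
    r=$(pubkey_digest csr "$1/$2.csr") || return 1
    c=$(pubkey_digest crt "$1/$2.crt") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
    openssl x509 -in "$1/$2.crt" -noout -checkend "$3" >/dev/null || return 2
}

# Demo in a scratch directory with a constructed host name.
d=$(mktemp -d) && make_selfsigned "$d" host.example.test 30 &&
    check_triplet "$d" host.example.test 86400 &&
    echo "key, CSR and certificate match; more than one day of validity left"
rm -rf "$d"
```

Running check_triplet before installing a renewed certificate catches the common mistake of pairing a new certificate with the previous key.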