12 Practical Examples of OpenSSL [Updated 2022]

OpenSSL is the open-source implementation of SSL and TLS protocol. It is a general-purpose cryptographic library and free to use for commercial and non-commercial under simple license conditions. Some software components of OpenSSL are FIPS 140-2 certified which adds further confidence among developers and the security community. It basically implements in the C programming language. It supports different cryptographic algorithms categorizes under ciphers, cryptographic hash functions, and public-key cryptography.

Now, we will discuss the usage of OpenSSL by using different CLI commands.

(1) Generate a new private key and certificate signing request

Using OpenSSL, a user can generate a new private key and certificate signing request by using the below command.

$openssl req -out TestCSR.csr -new -newkey rsa:2048-nodes -keyout TestPrivateKey.key

We can see the generated certificate signing request by using the cat command

We can see the generated private key by using the cat command

Click Here to learn Linux Curl Commands - Quick Tutorial

(2) Generate a self-signed certificate

By using OpenSSL, a user can generate a self-signed certificate by using the below command.

$openssl req -x509 -sha512 -nodes -days 180 -newkey rsa:1024 -keyout TestPrivateKey.key -out TestCertificate.crt

We can see the generated test certificate by using cat command

(3) Generate a certificate signing request (CSR) based on an existing certificate

$openssl x509 req -in certificate.crt -out TestCSRNew.csr -signkey TestPrivateKey.key

(4) Generate a certificate signing request (CSR) for an existing private key

$openssl req -out TestCSR.csr -key TestPrivateKey.key -new

(5) Convert a certificate file .cer (or .crt, .der) to PEM (.pem)

$openssl x509 -inform pem -in TestCertificate.crt -out TestCertificate.pem

Click Here for Interview Questions on Cryptography asked by Big Companies

(6) Convert a certificate file PEM (.pem) to .der

$openssl x509 -outform der -in TestCertificate1.pem -out TestCertificate1.der

(7) Check a private key using OpenSSL

$openssl rsa -in TestPrivateKey.key -check

(8) Check a Certificate Signing Request (CSR)

$openssl req -text -noout -verify -in TestCSR.csr

(9) Check Certificate using OpenSSL

$openssl x509 -in TestCertificate.crt -text -noout

Click Here for Top 5 Commands to test DNS Zone Transfer in 2 Minutes

(10) Check an SSL connection by giving URL as input.

$openssl s_client -connect www.allabouttesting.org:443

(11) Check the version of OpenSSL

$openssl version

(12) Check the .pem file for a certification expiration date

$openssl x509 -noout -in TestCertificate.pem -dates

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

3 Responses

  1. Charity says:

    Ӏt’s truly very c᧐mplex in this fuⅼl of activity life to listen news
    on Televisiоn, therefore I simply use thе web foor thaat rеason, and obtaіin thee newest infoгmation.

  1. October 6, 2021

    examples are gud

  2. October 26, 2021

    post more interview questions

Leave a Reply

Your email address will not be published.