OpenSSL is the open source implementation of SSL and TLS protocol. It is general purpose cryptographic library and free to use both commercial and non-commercial under some simple license condition. Some software components of OpenSSL is FIPS 140-2 certified which adds further confidence among developers and security community. It basically implements in C programming language. It supports different cryptographic algorithms categorizes under ciphers, cryptographic hash functions, and public-key cryptography.
Now, we will discuss the usage of OpenSSL by using different CLI commands.
(1) Generate a new private key and certificate signing request
By using OpenSSL, a user is able to generate a new private key and certificate signing request by using below command.
$openssl req -out TestCSR.csr -new -newkey rsa:2048-nodes -keyout TestPrivateKey.key
We can see the generated certificate signing request by using the cat command
We can see the generated private key by using the cat command
(2) Generate a self-signed certificate
By using OpenSSL, a user is able to generate a self-signed certificate by using below command.
$openssl req -x509 -sha512 -nodes -days 180 -newkey rsa:1024 -keyout TestPrivateKey.key -out TestCertificate.crt
We can see the generated test certificate by using cat command
(3) Generate a certificate signing request (CSR) based on an existing certificate
$openssl x509 req -in certificate.crt -out TestCSRNew.csr -signkey TestPrivateKey.key
(4) Generate a certificate signing request (CSR) for an existing private key
$openssl req -out TestCSR.csr -key TestPrivateKey.key -new
(5) Convert a certificate file .cer (or .crt, .der) to PEM (.pem)
$openssl x509 -inform pem -in TestCertificate.crt -out TestCertificate.pem
(6) Convert a certificate file PEM (.pem) to .der
$openssl x509 -outform der -in TestCertificate1.pem -out TestCertificate1.der
(7) Check a private key using OpenSSL
$openssl rsa -in TestPrivateKey.key -check
(8) Check a Certificate Signing Request (CSR)
$openssl req -text -noout -verify -in TestCSR.csr
(9) Check Certificate using OpenSSL
$openssl x509 -in TestCertificate.crt -text -noout
(10) Check an SSL connection by giving URL as input.
$openssl s_client -connect www.allabouttesting.org:443
(11) Check the version of OpenSSL
(12) Check the .pem file for a certification expiration date
$openssl x509 -noout -in TestCertificate.pem -dates
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.