openssl
Brief
openssl genrsa -out key.pem 2048 # private key (2048 is the key size in bits)
openssl rsa -in key.pem -pubout -out key.pub # public key
openssl rsautl -encrypt -in plaintext -inkey key.pub -pubin -out cipher # encrypt
openssl rsautl -decrypt -in cipher -inkey key.pem -out plainagain # decrypt
openssl rsautl -decrypt -in cipher -inkey key.pem -raw -hexdump # decrypt - raw hexdump to see padding
openssl rsa -in key.pem -noout -modulus # modulus
Root
Intermediate
Client/Server Certs
Create key
- openssl genrsa -out intermediate/private/test_client.key.pem 2048
- chmod 400 intermediate/private/test_client.key.pem
Create cert
- openssl req -config intermediate/openssl.cnf -key intermediate/private/test_client.key.pem -new -sha256 -out intermediate/csr/test_client.csr.pem
- openssl ca -config intermediate/openssl.cnf -extensions usr_cert -days 375 -notext -md sha256 -in intermediate/csr/test_client.csr.pem -out intermediate/certs/test_client.cert.pem (use -extensions server_cert instead of usr_cert for a server certificate)
- chmod 444 intermediate/certs/test_client.cert.pem
Verify
- openssl x509 -noout -text -in intermediate/certs/test_client.cert.pem
- openssl verify -CAfile intermediate/certs/ca-chain.cert.pem intermediate/certs/test_client.cert.pem
Verify cert/key pair (the two digests must match)
- openssl x509 -noout -modulus -in server.crt | openssl md5
- openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -pubkey -in m0vin-crt.pem -noout | openssl md5
openssl pkey -pubout -in m0vin-key.pem | openssl md5
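The cert/key pair check above as a script; this is an added example, not part of the original page. It generalizes the comparison to any key type by hashing the public key with SHA-256, and it reports unreadable input as an error, because two failed commands both hash empty output and would otherwise look like a match. The function names, file names and sample subject are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): check that a certificate and a
# private key belong together by comparing SHA-256 digests of their public keys.

# Print the SHA-256 digest of the public key in certificate $1; fail if unreadable.
cert_pubkey_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the SHA-256 digest of the public key derived from private key $1.
key_pubkey_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if cert $1 and key $2 match, 1 on mismatch, 2 if either is unreadable.
check_pair() {
    c=$(cert_pubkey_digest "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    k=$(key_pubkey_digest "$2") || { echo "cannot read key: $2" >&2; return 2; }
    if [ "$c" = "$k" ]; then
        echo "MATCH    $c"
    else
        echo "MISMATCH cert=$c key=$k"
        return 1
    fi
}

# Constructed sample data: a throwaway RSA key and self-signed cert in dir $1,
# plus a second unrelated key. Names and subject are made up for the demo.
make_sample_pair() {
    openssl genrsa -out "$1/a.key.pem" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key.pem" -subj "/CN=constructed.example" \
        -days 1 -out "$1/a.cert.pem" 2>/dev/null
}

# Usage: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```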
View key size/length (first line of output)
openssl rsa -noout -text -inform der -in trusted-cert-key
Fingerprints:
openssl x509 -noout -fingerprint -sha256 -in crt.pem # or -sha1
Deploy
Conversion
Convert a DER-format certificate to PEM format:
- openssl x509 -inform der -in dummy-trusted-cert -out dummy-trusted-cert.pem
Convert a DER-format key to PEM format:
- openssl rsa -in dummy-trusted-cert-key -inform DER -out dummy-trusted-cert-key.pem -outform PEM
Keytool
keytool -list -keystore ~/path.to.keystore