OpenSSL – Few Useful Commands

I thought to share publically my OpenSSL cheat-sheet commands, but not only OpenSSL

Generate CSR + Private Key:

  • Example:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout KEYFILENAME.key -out CSRFILE.csr
  • In case a public certificate is renewed, go to xolphin website, navigate to the relevant certificate, and then initiate certificate renewal, and then paste the CSR content into the CSR input field. Follow the remaining procedure to renew the certificate.
  • Download the certificate file(s) after the renewal is successful.

Generate (Export) PFX file (if needed):

  • using the previously generated files (certificate, and public key), in addition to the Root CA and intermediate certificate, you can use the following command to generate a PFX file (use the option “-certfile” to input as many chain certificates you need):
openssl pkcs12 -export -out CERTIFICATE.pfx -inkey PORIVATEKEY.key -in CERTFILE.crt -certfile ANYROOT/INTERMEDIATECERT.crt -certfile ANYROOT/INTERMEDIATECERT.crt.crt -name FRIENDLYNAME/COMMONNAME

View certificate details

openssl x509 -text -in CERTFILENAME -noout

View PFX file details

openssl pkcs12 -info -in PFXFILENAME

Sign CSR from Windows CA

First, loginto your CA server, and opena CMD terminal.

certreq -submit -binary -attrib “CertificateTemplate:WebServer” “PATHTOYOURCSR.csr” “PATHTOYOURCERTFILE.cer”

Create PFX if needed otherwise send the cer file and something the root and intermediate root cer files.

Convert CER files to PEM or PFX

openssl x509 -inform der -in certificate.cer -out certificate.pem

Posted

in

by

Tags:

Comments

Leave a Reply

%d bloggers like this: