I thought I would publicly share my cheat sheet of OpenSSL commands, plus a few that are not OpenSSL.
Generate CSR + Private Key:
- Example:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout KEYFILENAME.key -out CSRFILE.csr
- If you are renewing a public certificate, go to the Xolphin website, navigate to the relevant certificate, initiate the certificate renewal, and paste the CSR content into the CSR input field. Follow the remaining procedure to renew the certificate.
- Download the certificate file(s) after the renewal is successful.
Generate (Export) PFX file (if needed):
- Using the previously generated files (certificate and private key), in addition to the root CA and intermediate certificates, you can use the following command to generate a PFX file (use the option “-certfile” to input as many chain certificates as you need):
openssl pkcs12 -export -out CERTIFICATE.pfx -inkey PRIVATEKEY.key -in CERTFILE.crt -certfile ANYROOT/INTERMEDIATECERT.crt -certfile ANYROOT/INTERMEDIATECERT.crt -name FRIENDLYNAME/COMMONNAME
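A check worth running before the PFX export above, as an added example that is not part of the original post: it compares the public key inside the private key, the CSR and the issued certificate, and refuses to build the PFX when they differ. The function names, the `PFX_PASS` environment variable and the `demo.example` subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that key, CSR and certificate belong together
# before running "openssl pkcs12 -export". All names here are hypothetical.

# Print the SHA-256 digest of the public key held in a key, CSR or certificate.
pubkey_digest() {   # usage: pubkey_digest key|csr|cert FILE
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1   # unreadable or missing file: fail instead of hashing nothing
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when key, CSR and certificate carry the same public key.
files_match() {     # usage: files_match KEY CSR CERT
    k=$(pubkey_digest key  "$1") || return 1
    r=$(pubkey_digest csr  "$2") || return 1
    c=$(pubkey_digest cert "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build the PFX only after the check passes. CHAIN is one PEM file holding the
# intermediate and root certificates; the password is read from $PFX_PASS.
export_pfx() {      # usage: export_pfx KEY CSR CERT CHAIN OUT NAME
    files_match "$1" "$2" "$3" || { echo "key/CSR/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -out "$5" -inkey "$1" -in "$3" -certfile "$4" \
        -name "$6" -passout env:PFX_PASS
}

# Constructed sample input: a key, a CSR and a self-signed certificate that
# stands in for the CA-issued one (demo.example is a made-up name).
make_sample() {     # usage: make_sample DIR BASENAME
    openssl req -new -nodes -sha256 -newkey rsa:2048 -subj "/CN=demo.example" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}
```

Source the file, export `PFX_PASS`, and call `export_pfx` with your own key, CSR, certificate and chain files; a mismatch usually means the certificate was issued for a different CSR than the key on disk.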
View certificate details
openssl x509 -text -in CERTFILENAME -noout
View PFX file details
openssl pkcs12 -info -in PFXFILENAME
Sign CSR from Windows CA
First, log in to your CA server and open a CMD terminal.
certreq -submit -binary -attrib "CertificateTemplate:WebServer" "PATHTOYOURCSR.csr" "PATHTOYOURCERTFILE.cer"
Create a PFX if needed; otherwise send the cer file, and sometimes the root and intermediate cer files.
Convert CER files to PEM or PFX
openssl x509 -inform der -in certificate.cer -out certificate.pem