Skip to main content

openssl summary

openssl is great tool but it is hard to remember its usage ... here is my summary.


PKCS#12 (pfx files)

man page  Wikipedia on PKCS12

Export public key 
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out publicKey.pem

Export private key
openssl pkcs12 -in cert.pfx -nocerts -nodes -out privateKey.pem

X509 (CER files)

man page  Wikipedia on X.509

Dump certificate
openssl x509 -in cert.cer -noout -text

Convert CER to PEM 
openssl x509 -in cert.cer -outform pem -out a.pem

Convert CRL (revocation list file) to PEM format
openssl crl -inform der -in revocationListFile.crl -outform pem -out a.pem

Troublesooting

Try to connect over SSL
opeopenssl s_client -connect server:443

Try to ask OCSP question (check if certificate revoced)
openssl ocsp -issuer caCert.cer -cert certToCheck.cer -text -url ocspServerUrl

Understand value of SSLCipherSuite
openssl ciphers -v 'HIGH:MEDIUM:!aNULL:!MD5'

Comments

esign said…
It is really amazing! So many new things that I even didn't hear about them. Difficult to follow for a not professional, a private individual. The world goes on progressing by innovating and inventing.
Ziv said…
Thanks

Popular posts from this blog

Jenkins error: groovy.lang.MissingPropertyException

I tried to run groovy build step and got below error. This post will describe how I solved the problem.

Caught: groovy.lang.MissingPropertyException: No such property: hudson for class: script


Digital signature in pictures

I never remember what happens when digital signature is used. So here is my summary 'Digital signature for dummies'.