head.daveops.net

Snippets for yer computer needs

OpenSSL

OpenSSL

RSA key processing —————— # Generate a private key openssl genrsa -out private_key.pem 2048 # Make a new public key openssl rsa -pubout -in private_key.pem -out public_key.pem # Get info on private key openssl rsa -text -in private_key.pem

Generate Certificate Signing Request

openssl req -new -key private_key.pem -out cert.csr

Self-sign a certificate

openssl req -x509 -key private_key.pem -in cert.csr -out cert.crt

Get certificate details

openssl x509 -in certificate.crt -text -noout

Create a CA

# Create a root CA key
openssl genrsa -out rootCA.key 2048
# Create a self-signed CA certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem
# Sign a request
openssl x509 -req -in request.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out requested.crt -days 500 -sha256

Cross-signing certs with multiple CA’s

Testing an SNI certificate

openssl s_client -servername example.com -connect example.com:443