OpenSSL

OpenSSL (1988) is an open source implementation of the TSL cryptographic protocol, and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocol.

• yum install openssl
• rpmfind.net: https://rpmfind.net/linux/rpm2html/search.php?query=openssl

CSR Examples[edit]

• Generate a new self signed certificate instead of a Certificate Signing Request (CSR)

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.pem

Output a self-signed certificate instead of a certificate request

-nodes (short for no DES) do not encrypt private key

-x509 Output a self-signed certificate instead of a certificate request

• Generate a multi domain self signed certificate, read https://serverfault.com/questions/73689/how-to-create-a-multi-domain-self-signed-certificate-for-apache2

• Read certificate (CRT)

openssl x509 -text -noout -in root.crt

• Read CSR

openssl req -text -noout -in root.csr

Public keys[edit]

• Generate a public key from a PEM private key

openssl rsa -in mykey.pem -pubout > mykey.pub

Activities[edit]

• Generate a random number: openssl rand -base64 32^[1]
• Save remote SSL cert as a file:
  • openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443^[2]
  • openssl s_client -showcerts -connect YOUR_DOMAIN.COM<:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > mycertfile.pem

• Encrypt and decrypt files using openssl enc

Related terms[edit]

• ansible-vault encrypt|decrypt|view
• ssh-keygen
• Cypher
• Hash
• openssl (command)
• OpenSSL v3

Vulnerabilities[edit]

Related[edit]

• pycrypto python library

See also[edit]

• openssl [ rand | s_client | passwd | openssl req | openssl rsa | openssl genrsa | openssl x509 | openssl ca | openssl verify | openssl ec | openssl dgst | openssl pkcs12 | openssl asn1parse | openssl help | .cer to .pem, openssl version
• OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange, /etc/ssl/openssl.cnf, OpenSSL v3
• OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF, ~/.ssh/authorized_keys
• HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1, HTTP security
• Encryption, openssl, ecryptfs, encfs, GPG, PGP, Symantec Encryption Desktop, VeraCrypt, CMEK, BitLocker, OAEP, Cypher
• Secrets: Kubernetes secrets, ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts, Sealed-secrets
• Public-key cryptography: RSA, DSA, ECDSA, EdDSA (Ed25519), AES, RSA Conference, hash, pkeyutl, Signature, key length, Easyrsa, OAEP, Ron Rivest, Adi Shamir, Leonard Adleman
• SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning, /etc/ssl/certs/, ca-certificates, /etc/ssl/, sslscan2

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: https://en.wikiversity.org/wiki/OpenSSL